Constraint Handling Rules (CHR) is a declarative committed-choice programming language with
a strong relationship to linear logic. Its generalization CHR with Disjunction (CHR$^\vee$) is a
multi-paradigm declarative programming language that allows the embedding of Horn programs.

We analyse the assets and the limitations of the classical declarative semantics of CHR before
we motivate and develop a linear-logic declarative semantics for CHR and CHR$^\vee$.

We show how to apply the linear-logic semantics to decide program properties and to prove
operational equivalence of CHR$^\vee$ programs across the boundaries of language paradigms.

Categories and Subject Descriptors: F.3.1 [Theory of Computation]: Logics and Meanings of Programs — 
Specifying and Verifying and Reasoning about Programs; F.3.2 [Theory of Computation] : Logics and Meanings 
of Programs — Semantics of Programming Languages 
1. INTRODUCTION

A declarative semantics is a highly desirable property for a programming language. It
offers a clean theoretical foundation for the language, allows us to prove program properties
such as correctness and operational equivalence, and guarantees platform independence.
Declarative programs tend to be shorter and clearer as they contain, ideally, only
information about the modeled problem and not about control.

Constraint Handling Rules (CHR) [Frühwirth 1994; 1998; 2009] is a declarative
committed-choice general-purpose programming language developed in the 1990s as a
portable language extension to implement user-defined constraint solvers. Operationally,
it mixes rule-based multiset rewriting over constraints with calls to a built-in constraint
solver with at least rudimentary capabilities. It is Turing complete and it has been shown
that every algorithm can be implemented in CHR with optimal time complexity
[Sneyers et al. 2005]. Hence, it makes an efficient stand-alone general-purpose programming
language.

Constraint Handling Rules with Disjunction (CHR$^\vee$) [Abdennadher and Schütz 1998]
extends the inherently non-deterministic formalism of CHR with the possibility to include
backtracking search and thus to embed Horn programs. It features both don't-care and
don't-know non-determinism. We can justly describe it as a multi-paradigm declarative
programming language.

Owing to its heritage in logic programming and constraint logic programming, CHR
features a declarative semantics in classical logic. We have shown that for certain classes of
programs, the classical declarative semantics of CHR reflects the functionality of a program
but poorly [Betz and Frühwirth 2005]. Operationally, CHR is a state transition system
whereas the classical declarative semantics considers all states in a derivation as logically
equivalent. Hence, the directionality of the rules, the inherent non-determinism of their
execution and any change of state elude this declarative semantics.

Linear logic is a sub-structural logical formalism [Girard 1987] that has been shown to
bear a close relationship to concurrent committed-choice systems [Miller 1992; Fages et al.
2001]. It turns out to be well suited to model the committed-choice rules of CHR. It
furthermore allows a faithful embedding of classical logic, so we can straightforwardly embed
the constraint theory underlying the built-in constraint solver into linear logic. Linear logic
thus enables us to model the two reasoning mechanisms of CHR in a single formalism.
Moreover, it turns out that we can encode CHR$^\vee$ into linear logic in a way that preserves its
characteristic dichotomy of don't-know and don't-care non-determinism.

In this article, we propose a linear-logic semantics for CHR and CHR$^\vee$ that
incorporates all the features mentioned above. We found the semantics on the intuitionistic
segment of linear logic as it suffices for our purpose while being easier to handle than the
full segment. We propose two variants of the semantics. The first variant is based on
introducing proper axioms in the sequent calculus of linear logic. The second variant is similar
to the semantics previously published in Betz and Frühwirth [2005] and Betz [2007]. The
first formulation allows for considerably more elegant proofs, in particular of its soundness
and completeness. The second formulation allows us to perform a broader range of reasoning
tasks. As we formalize and prove the equivalence of both representations, we can use
either representation according to the respective application.

This article is structured as follows: In Sect. 2, we recall the syntax and operational
semantics of CHR. In Sect. 3, we introduce the intuitionistic segment of linear logic.
In Sect. 4, we develop a linear-logic semantics for constraint handling rules, and we show
its soundness and completeness with respect to the operational semantics. In Sect. 5, we
extend our semantics to CHR$^\vee$ and prove its soundness and completeness. We show that
the linear-logic semantics allows in general for less precise reasoning over CHR$^\vee$ than over
CHR. We then introduce a well-behavedness property for CHR$^\vee$ programs that amends this
limitation. In Sect. 6, we show how our semantics can be applied to reason about program
observables as well as to compare programs even across the boundaries of programming
paradigms. In Sect. 7, we discuss related work before we conclude in Sect. 8.

2. CONSTRAINT HANDLING RULES 

In this section, we recall the syntax and the operational semantics $\omega_e$ of Constraint
Handling Rules.

2.1 The Syntax of CHR 

We distinguish two disjoint classes of atomic constraints: atomic built-in constraints and
atomic user-defined constraints. We denote the former as $c_b(\bar t)$ and the latter as $c_u(\bar t)$, where
$c_u, c_b$ are n-ary constraint symbols and $\bar t$ is a sequence of n terms. Built-in constraints and
user-defined constraints are possibly empty conjunctions of their respective atomic
constraints. A conjunction of atomic constraints in general, irrespective of their class, is called
a goal$^1$. Empty goals and empty constraints are denoted as $\top$.
The syntax of constraints is summarized in Def. 2.1.

Definition 2.1 Constraint Syntax. Let $c_b(\bar t), c_u(\bar t)$ denote an n-ary atomic built-in
or user-defined constraint, respectively, where $\bar t$ is an n-ary sequence of terms:

Built-in constraint: $B ::= \top \mid c_b(\bar t) \mid B \wedge B'$

User-defined constraint: $U ::= \top \mid c_u(\bar t) \mid U \wedge U'$

Goal: $G ::= \top \mid c_u(\bar t) \mid c_b(\bar t) \mid G \wedge G'$

$\top$ stands for the empty constraint or the empty goal, respectively. The set of built-in
constraints furthermore contains at least falsity $\bot$, and the binary constraint $=$, standing for
syntactic equality. For any two goals $G, G'$, the goal equivalence relation $G \equiv_G G'$ denotes
equivalence with respect to the associativity and commutativity of $\wedge$ and the neutrality of
the identity element $\top$.

Both built-in and user-defined constraints are special cases of goals. The goal
equivalence relation $G \equiv_G G'$ does not account for idempotence, thus implicitly imposing a
multiset semantics on goals. For example, $c_u(\bar t) \wedge c_u(\bar t) \not\equiv_G c_u(\bar t)$. We denote the set of
variables occurring in a goal $G$ as $vars(G)$.

A CHR program is a set of rules adhering to the following definition: 

Definition 2.2 Rule Syntax. (1) A CHR rule is of the form

$$r\ @\ H_1 \setminus H_2 \Leftrightarrow G \mid B_u \wedge B_b$$

The rule head $H_1 \setminus H_2$ consists of the kept head $H_1$ and the removed head $H_2$. Both $H_1, H_2$
are user-defined constraints. At least one of them must be non-empty. The guard $G$ is a
built-in constraint. The rule body is of the form $B_b \wedge B_u$, where $B_b$ is a built-in constraint
and $B_u$ is a user-defined constraint. $r$ serves as an identifier for the rule.

(2) The identifier $r$ is operationally irrelevant and can be omitted along with the @. An
empty guard $G = \top$ can be omitted along with the $\mid$. A rule with an empty kept head $H_1$
can be written as $r\ @\ H_2 \Leftrightarrow G \mid B_u \wedge B_b$. Such a rule is called a simplification rule. A
rule where the removed head $H_2$ is empty can be written as $r\ @\ H_1 \Rightarrow G \mid B_u \wedge B_b$. Such
a rule is called a propagation rule. A rule where neither $H_1$ nor $H_2$ is empty is called a
simpagation rule.

(3) A variant of a rule $r\ @\ H_1 \setminus H_2 \Leftrightarrow G \mid B_u \wedge B_b$ with variables $\bar x$ is of the form
$(r\ @\ H_1 \setminus H_2 \Leftrightarrow G \mid B_u \wedge B_b)[\bar x/\bar y]$ where $\bar y$ is an arbitrary sequence of pairwise distinct
variables.

(4) A CHR program is a set of CHR rules. 

In anticipation of Section 2.2, we point out that propagation rules may cause trivial
non-termination of programs as they do not in general eliminate the pre-condition of their firing.
Hence, precautions have to be taken. We refer the reader to Abdennadher [1997] and Duck
et al. [2004] for the most common approach based on keeping a history of applied rules and
to Betz et al. [2010] for a more recent approach based on finite representations of infinite
program states and computations.

$^1$ Note that the term goal is used in CHR for historical reasons and does not imply that program execution is
understood as proof search.

2.2 The Equivalence-Based Semantics $\omega_e$

In this section, we recall the operational semantics of CHR. Several formalizations of the
operational semantics exist in the literature. We choose the so-called equivalence-based
semantics $\omega_e$ as it contains all the elements that we represent in our linear-logic semantics
while allowing for elegant proofs of theoretical properties.

Operationally, built-in and user-defined constraints are handled separately. For the 
handling of built-in constraints, CHR requires a so-called predefined constraint handler 
whereas user-defined constraints are handled by the actual user program. We assume that 
the predefined solver implements a complete and decidable first-order constraint theory 
CT over the built-in constraints. 

Definition 2.3 Constraint Theory. A constraint theory CT is a decidable theory of
intuitionistic logic over the built-in constraints. We assume that it is given as a set of formulas
of the form

$$\alpha ::= \forall(\exists \bar x. B \rightarrow \exists \bar x'. B')$$

called CT-axioms where $B, B'$ are possibly empty built-in constraints and $\bar x, \bar x'$ are possibly
empty sets of variables.

It should be noted that defining constraint theories explicitly over intuitionistic rather
than full classical logic is non-standard. It is, however, an unproblematic decision
because in the operational semantics only judgements over conjunctions of positive literals
are considered. Furthermore, this decision allows us to restrict ourselves to the
intuitionistic fragment of linear logic when translating constraint theories into linear logic.

CHR itself is a transition system over equivalence classes of program states, which are 
defined as follows: 

Definition 2.4 CHR State. (1) A CHR state is a tuple of the form $S = \langle G; V \rangle$ where $G$
is a goal called constraint store and $V$ is a set of variables called global variables.

(2) For a CHR state $S = \langle U \wedge B; V \rangle$, where $U$ is a user-defined constraint and $B$ is a
built-in constraint, we call

(a) $\bar l_S ::= (vars(U) \cup vars(B)) \setminus V$ the local variables of $S$ and

(b) $\bar s_S ::= \bar l_S \setminus vars(U)$ the strictly local variables of $S$.

(3) A variant of a state $S = \langle G; V \rangle$ with local variables $\bar l$ is a state $S'$ of the form
$S' = \langle G[\bar l/\bar x]; V \rangle$, where $\bar x$ is a sequence of pairwise distinct variables that do not occur in
$V$.

The state transition system that formalizes the operational semantics builds on the
following definition of equivalence between CHR states:

Definition 2.5 Equivalence of CHR States. In the following, let $U, U'$ denote arbitrary
user-defined constraints, $B, B'$ built-in constraints, $G, G'$ goals, $V, V'$ sets of variables, $v$
a variable and $t$ a term. State equivalence, written as $\cdot \equiv_e \cdot$, is the smallest equivalence
relation over CHR states that satisfies all of the following conditions:

(1) (Goal Transformation)

$$G \equiv_G G' \Rightarrow \langle G; V \rangle \equiv_e \langle G'; V \rangle$$

(2) (Equality as Substitution)

$$\langle U \wedge x = t \wedge B; V \rangle \equiv_e \langle U[x/t] \wedge x = t \wedge B; V \rangle$$

(3) (Application of CT) Let $\bar s, \bar s'$ be the strictly local variables of $\langle U \wedge B; V \rangle$, $\langle U \wedge B'; V \rangle$.
If $CT \models \exists \bar s. B \leftrightarrow \exists \bar s'. B'$ then:

$$\langle U \wedge B; V \rangle \equiv_e \langle U \wedge B'; V \rangle$$

(4) (Neutrality of Redundant Global Variables)

$$x \notin vars(G) \Rightarrow \langle G; \{x\} \cup V \rangle \equiv_e \langle G; V \rangle$$

(5) (Equivalence of Failed States) For all goals $G, G'$ and all sets of variables $V, V'$:

$$\langle G \wedge \bot; V \rangle \equiv_e \langle G' \wedge \bot; V' \rangle$$

Where there is no ambiguity, we usually write $\cdot \equiv \cdot$ rather than $\cdot \equiv_e \cdot$.

While we generally impose a multiset semantics over goals, Definition 2.5.3 implicitly
restores the set semantics for built-in constraints within states. When discussing pure CHR
- as opposed to its generalization CHR$^\vee$ (cf. Sect. 5) - we will usually consider states in
the following normal form:

Definition 2.6 Normal Form of CHR States. A CHR state $S$ is considered in normal
form if it is of the form $S = \langle U \wedge B; V \rangle$ where $U$ is a user-defined constraint called the
user-defined store and $B$ is a built-in constraint called the built-in store. Such a state is
usually written in ternary notation: $\langle U; B; V \rangle$.

Any state with an inconsistent built-in store is called a failed state as formalized in the
following definition:

Definition 2.7 Failed State. Any CHR state $S = \langle U; \bot; V \rangle$ for some G, V is called a
failed state. We use $S_\bot = \langle \top; \bot; \emptyset \rangle$ as the default representative for the set of failed states.

The following lemma states several properties following from Def. 2.5 that have been 
presented and proven in Raiser et al. [2009]: 

Lemma 2.8 Properties of State Equivalence. The following properties hold in general:

(1) (Renaming of Local Variables)

$$\langle U; B; V \rangle \equiv \langle U[x/y]; B[x/y]; V \rangle$$

for $x \notin V$ and $y \notin V$ and $y$ does not occur in $U$ or $B$.

(2) (Partial Substitution) Let $U[x \wr t]$ be a user-defined constraint where some
occurrences of $x$ are substituted with $t$:

$$\langle U; x = t, B; V \rangle \equiv \langle U[x \wr t]; x = t, B; V \rangle$$

(3) (Logical Equivalence) If

$$\langle U; B; V \rangle \equiv \langle U'; B'; V \rangle$$

then $CT \models (\exists \bar l. U \wedge B) \leftrightarrow (\exists \bar l'. U' \wedge B')$, where $\bar l, \bar l'$ are the local variables of
$\langle U; B; V \rangle$, $\langle U'; B'; V \rangle$, respectively.

Lemma 2.8.1 allows us to assume without loss of generality that the local variables
of any two specific states are renamed apart. Concerning Lemma 2.8.3, note that logical
equivalence of $\exists \bar l. U \wedge B$ and $\exists \bar l'. U' \wedge B'$ is a necessary but not a sufficient condition for state
equivalence. The linear logic semantics will enable us to formulate a similar condition that
is both necessary and sufficient (cf. Sect. 4.2).

The task of deciding equivalence - and more so: non-equivalence - is not always trivial 
using the axiomatic definition. We quote Theorem 2.10 which gives a necessary, sufficient, 
and decidable criterion. It uses the following notion of matching: 

Definition 2.9 Matching of Constraints. For user-defined constraints $U = c_1(\bar t_1) \wedge \ldots \wedge
c_n(\bar t_n)$, $U' = c'_1(\bar t'_1) \wedge \ldots \wedge c'_m(\bar t'_m)$, the matching relation $U = U'$ holds if and only if $n = m$
and there exists a permutation $\sigma$ such that

n 

The following theorem has been published and proven in [Raiser et al. 2009]. 

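Theorem 2.10 Criterion for $\equiv_e$. Consider CHR states $S = \langle U; B; V \rangle$, $S' = \langle U'; B'; V \rangle$
with local variables $\bar l, \bar l'$ that have been renamed apart. Then $S \equiv S'$ if and only if:

$$CT \models \forall(B \rightarrow \exists \bar l'.((U = U') \wedge B')) \wedge \forall(B' \rightarrow \exists \bar l.((U = U') \wedge B))$$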

We define the notion of local variables of CHR rules, which is necessary for the
definition of the operational semantics:

Definition 2.11 Local Variables in Rules. For a CHR rule $r\ @\ H_1 \setminus H_2 \Leftrightarrow G \mid B_u \wedge B_b$,
we call the set

$$\bar y_r = vars(B_u, B_b, G) \setminus vars(H_1, H_2)$$

the local variables of $r$.

The transition system constituting the operational semantics of CHR is specified in the 
following definition: 

Definition 2.12 Transition System of $\omega_e$. CHR is a state transition system over
equivalence classes of CHR states defined by the following transition rule, where
$(r\ @\ H_1 \setminus H_2 \Leftrightarrow G \mid B_u \wedge B_b)$ is a variant of a CHR rule whose local variables $\bar y_r$ are renamed apart from
any variable in $vars(H_1, H_2, U, B, V)$:

$$\frac{r\ @\ H_1 \setminus H_2 \Leftrightarrow G \mid B_u \wedge B_b \qquad CT \models \exists(G \wedge B)}{[\langle H_1 \wedge H_2 \wedge U; G \wedge B; V \rangle] \mapsto_r [\langle H_1 \wedge B_u \wedge U; G \wedge B_b \wedge B; V \rangle]}$$

If the applied rule is obvious from the context or irrelevant, we write the transition simply
as $\mapsto$. We denote its reflexive-transitive closure as $\mapsto^*$. In the following, we sometimes
write $S \mapsto T$ instead of $[S] \mapsto [T]$ to preserve clarity.

The required disjointness of the local variables $\bar y_r$ from all variables occurring in the
pre-transition state outside $G$ enforces that fresh variables are introduced for the local variables
of the rule. When reasoning about programs, we usually refer to the following observables:
Definition 2.13 Computable States and Constraints. Let $S$ be a CHR state, $P$ be a
program, and CT be a constraint theory. We distinguish three sets of observables:

Computable states: $\mathcal{C}_{P,CT}(S) ::= \{[T] \mid [S] \mapsto^* [T]\}$

Answers: $\mathcal{A}_{P,CT}(S) ::= \{[T] \mid [S] \mapsto^* [T] \not\mapsto\}$

Data-sufficient answers: $\mathcal{S}_{P,CT}(S) ::= \{[\langle \top; B; V \rangle] \mid [S] \mapsto^* [\langle \top; B; V \rangle]\}$

For all three sets, if the respective constraint theory CT is clear from the context or not
important, it may be omitted from the identifier of the respective set.

As the transition system does not allow transitions from an empty user-defined store
(nor from failed states), the data-sufficient answers $\mathcal{S}_{P,CT}(S)$ are a subset of the answers
$\mathcal{A}_{P,CT}(S)$ of any state $S$. The following property follows directly:

Property 2.14 Hierarchy of Observables. For any state $S$, program $P$ and constraint
theory CT, we have:

$$\mathcal{S}_{P,CT}(S) \subseteq \mathcal{A}_{P,CT}(S) \subseteq \mathcal{C}_{P,CT}(S)$$

Confluence is an important property in transition systems. We define it in the usual 
manner: 

Definition 2.15 Confluence. A CHR program $P$ is confluent if for all states $S, T, T'$ such
that $[S] \mapsto^* [T]$ and $[S] \mapsto^* [T']$, there exists a state $T''$ such that $[T] \mapsto^* [T'']$ and
$[T'] \mapsto^* [T'']$.

Confluence restricts the number of possible answers to a query: 

Property 2.16. Let $P$ be a confluent CHR program. Then for every CHR state $S$, we
have $|\mathcal{S}_P(S)| \in \{0, 1\}$ and $|\mathcal{A}_P(S)| \in \{0, 1\}$, where $|\cdot|$ denotes cardinality.

Proof sketch. We assume that for some states $S, T, T'$ and some confluent program $P$,
we have $S \mapsto^* T \not\mapsto$ and $S \mapsto^* T' \not\mapsto$ and $[T] \neq [T']$. Applying Def. 2.15 leads to a
contradiction. □

A necessary, sufficient and decidable criterion for confluence has been given in
Abdennadher et al. [1996]. Example 2.17 presents a standard CHR example program to illustrate
our definitions.

Example 2.17. The following program implements a solver for the (user-defined)
partial-order constraint $\leq$. Rule $r_I$ implements idempotence of identical constraints, $r_R$
implements reflexivity, $r_S$ symmetry and $r_T$ transitivity of the partial-order relation:

$r_I\ @\ x \leq y \wedge x \leq y \Leftrightarrow x \leq y$

$r_R\ @\ x \leq x \Leftrightarrow \top$

$r_S\ @\ x \leq y \wedge y \leq x \Leftrightarrow x = y$

$r_T\ @\ x \leq y \wedge y \leq z \Rightarrow x \leq z$

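The following is a sample derivation, starting from an initial state
$S_0 = \langle a \leq b \wedge b \leq c \wedge c \leq a; \top; \{a, b, c\} \rangle$. According to the usual practice, all variables occurring in the initial
state are global. Equivalence transformations are stated explicitly:

$\langle a \leq b \wedge b \leq c \wedge c \leq a;\ \top;\ \{a, b, c\} \rangle$ (1)

$\equiv \langle x \leq y \wedge y \leq z \wedge c \leq a;\ x = a \wedge y = b \wedge z = c;\ \{a, b, c\} \rangle$

$\mapsto_{r_T} \langle x \leq z \wedge x \leq y \wedge y \leq z \wedge c \leq a;\ x = a \wedge y = b \wedge z = c;\ \{a, b, c\} \rangle$

$\equiv \langle a \leq c \wedge a \leq b \wedge b \leq c \wedge c \leq a;\ \top;\ \{a, b, c\} \rangle$ (2)

$\equiv \langle x \leq y \wedge y \leq x \wedge a \leq b \wedge b \leq c;\ x = a \wedge y = c;\ \{a, b, c\} \rangle$

$\mapsto_{r_S} \langle a \leq b \wedge b \leq c;\ x = y \wedge x = a \wedge y = c;\ \{a, b, c\} \rangle$

$\equiv \langle a \leq b \wedge b \leq c;\ a = c;\ \{a, b, c\} \rangle$ (3)

$\equiv \langle x \leq y \wedge y \leq x;\ x = a \wedge y = b \wedge a = c;\ \{a, b, c\} \rangle$

$\mapsto_{r_S} \langle \top;\ x = y \wedge x = a \wedge y = b \wedge a = c;\ \{a, b, c\} \rangle$

$\equiv \langle \top;\ a = b \wedge a = c;\ \{a, b, c\} \rangle$ (4)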

Usually, we do not make equivalence transformations explicit and list only states where
local variables are eliminated as far as possible such as the labeled states (1)-(4). The
derivation is then reduced to:

$\langle a \leq b \wedge b \leq c \wedge c \leq a;\ \top;\ \{a, b, c\} \rangle$ (1)

$\mapsto_{r_T} \langle a \leq c \wedge a \leq b \wedge b \leq c \wedge c \leq a;\ \top;\ \{a, b, c\} \rangle$ (2)

$\mapsto_{r_S} \langle a \leq b \wedge b \leq c;\ a = c;\ \{a, b, c\} \rangle$ (3)

$\mapsto_{r_S} \langle \top;\ a = b \wedge a = c;\ \{a, b, c\} \rangle$ (4)

With respect to our observables, we have:

$$\mathcal{S}_{P,CT}(S_0) = \mathcal{A}_{P,CT}(S_0) = \{[\langle \top; a = b \wedge a = c; \{a, b, c\} \rangle]\}$$

The set $\mathcal{C}_{P,CT}(S_0)$ is infinite as the operational semantics $\omega_e$ allows potentially unlimited
applications of $r_T$.
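
The derivation of Example 2.17 can be replayed mechanically. The following Python sketch is an added example, not code from the article: it runs the four rules as multiset rewriting over a store of $\leq$ constraints, with a union-find structure standing in for the built-in equality solver. Two things are assumptions of this sketch rather than part of $\omega_e$: the fixed rule priority (reflexivity, idempotence, symmetry, then transitivity) and the propagation history keyed on constraint identifiers, which is the precaution against trivial non-termination mentioned at the end of Sect. 2.1. The function name `solve` is hypothetical.

```python
from itertools import count


def solve(goal, max_steps=1000):
    """Run the partial-order program on a list of (x, y) pairs meaning x <= y.

    Returns (user_store, equalities, trace): the remaining <= constraints,
    the non-trivial equivalence classes of the built-in store, and the
    sequence of fired rules.
    """
    parent = {}                      # built-in store: union-find over variables

    def find(v):
        parent.setdefault(v, v)
        while parent[v] != v:
            v = parent[v]
        return v

    def union(x, y):
        parent[find(y)] = find(x)

    ids = count(1)
    # Multiset of user-defined constraints: one identifier per occurrence.
    store = [(next(ids), x, y) for x, y in goal]
    history = set()                  # identifier pairs on which r_T already fired
    trace = []

    def step():
        nonlocal store
        # Equality as substitution: rewrite the store under known equalities.
        store = [(i, find(x), find(y)) for i, x, y in store]
        for i, x, y in store:                                # r_R: x <= x <=> true
            if x == y:
                store = [c for c in store if c[0] != i]
                return "r_R"
        pairs = [(c, d) for c in store for d in store if c[0] != d[0]]
        for (i, x, y), (j, u, v) in pairs:                   # r_I: drop a duplicate
            if (x, y) == (u, v):
                newer = max(i, j)
                store = [c for c in store if c[0] != newer]
                return "r_I"
        for (i, x, y), (j, u, v) in pairs:                   # r_S: x<=y, y<=x <=> x=y
            if (x, y) == (v, u):
                store = [c for c in store if c[0] not in (i, j)]
                union(x, y)
                return "r_S"
        for (i, x, y), (j, u, v) in pairs:                   # r_T: x<=y, y<=z ==> x<=z
            if y == u and (i, j) not in history:
                history.add((i, j))                          # never re-fire on this pair
                store.append((next(ids), x, v))
                return "r_T"
        return None                                          # no rule applicable

    for _ in range(max_steps):
        rule = step()
        if rule is None:
            break
        trace.append(rule)
    else:
        raise RuntimeError("step limit reached")

    classes = {}
    for v in list(parent):
        classes.setdefault(find(v), set()).add(v)
    equalities = sorted(sorted(c) for c in classes.values() if len(c) > 1)
    user_store = sorted((x, y) for _, x, y in store)
    return user_store, equalities, trace


if __name__ == "__main__":
    # Initial state S_0 of Example 2.17: a <= b, b <= c, c <= a.
    print(solve([("a", "b"), ("b", "c"), ("c", "a")]))
```

On the initial state $S_0$ the sketch fires $r_T$, $r_S$, $r_S$ and ends with an empty user-defined store and $a$, $b$, $c$ in one equivalence class, which is the data-sufficient answer labeled (4). Without the history check, $r_T$ could fire on the same pair indefinitely, which is why the set of computable states is infinite under $\omega_e$.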

3. INTUITIONISTIC LINEAR LOGIC 

Linear logic was introduced by Girard [1987]. Unlike classical logic, linear logic does not 
allow free copying or discarding of assumptions. It furthermore features a fine distinction 
between internal and external choice and a faithful embedding of classical logic. In this 
section, we recall the intuitionistic fragment of linear logic, which is easier to handle than 
the full fragment but sufficient for our declarative semantics. It allows for a straightforward, 
faithful embedding of intuitionistic logic. 

3.1 Definition 

We will give the formal definition in terms of a sequent calculus. The calculus is based on 
binary sequents of the form 

$$\Gamma \vdash \alpha$$

where $\Gamma$ is a multiset of formulas (written without braces) called antecedent and $\alpha$ is a
formula called consequent. A sequent $\Gamma \vdash \alpha$ represents the fact that assuming the formulas
in $\Gamma$, we can conclude $\alpha$. A proof tree - or simply: proof - is a finite labeled tree whose
nodes are labeled with sequents such that the relationship between every sequent node and
its direct children corresponds to one of the inference rules of the calculus. We distinguish
a special set of sequents called axioms. A proof tree is called complete if all its leaves are
axioms. We call a sequent $\Gamma \vdash \alpha$ valid if there exists a complete proof tree $\pi$ with $\Gamma \vdash \alpha$ at
the root.

ACM Transactions on Computational Logic, Vol. V, No. N, Month 20YY.

Linear-Logic Based Analysis of Constraint Handling Rules with Disjunction

The following two structural rules are common to many logical systems. They establish 
reflexivity and a form of transitivity of the judgement relation. 

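$$\frac{}{\alpha \vdash \alpha}\ (Identity) \qquad \frac{\Gamma \vdash \alpha \quad \alpha, \Delta \vdash \beta}{\Gamma, \Delta \vdash \beta}\ (Cut)$$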



The tokens of (intuitionistic) linear logic are commonly considered as representing
resources rather than truths. This terminology reflects the fact that assumptions may not be
copied nor discarded freely in linear logic, but must be used exactly once. From a different
point of view, we might say that linear logic consumes assumptions in judgements and is
aware of their multiplicities.

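Multiplicative conjunction is distinguished from classical or intuitionistic conjunction as
it lacks idempotence. Hence, $\alpha \otimes \beta$ represents exactly one instance of $\alpha$ and one instance
of $\beta$. The formula $\alpha$ is not equivalent to $\alpha \otimes \alpha$. Multiplicative conjunction is introduced by
the following inference rules:

$$\frac{\Gamma, \alpha, \beta \vdash \gamma}{\Gamma, \alpha \otimes \beta \vdash \gamma}\ (L\otimes) \qquad \frac{\Gamma \vdash \alpha \quad \Delta \vdash \beta}{\Gamma, \Delta \vdash \alpha \otimes \beta}\ (R\otimes)$$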

The constant 1 represents the empty resource and is consequently the neutral element 
with respect to multiplicative conjunction. 

$$\frac{\Gamma \vdash \alpha}{\Gamma, 1 \vdash \alpha}\ (L1) \qquad \frac{}{\vdash 1}\ (R1)$$

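Linear implication $\multimap$ allows the application of modus ponens where the preconditions
of a linear implication are consumed on application. For example, the sequent
$\alpha \otimes (\alpha \multimap \beta) \vdash \beta$ is valid whereas $\alpha \otimes (\alpha \multimap \beta) \vdash \alpha \otimes \beta$ is not. The following inference rules introduce $\multimap$:

$$\frac{\Gamma \vdash \alpha \quad \beta, \Delta \vdash \gamma}{\Gamma, \alpha \multimap \beta, \Delta \vdash \gamma}\ (L\multimap) \qquad \frac{\Gamma, \alpha \vdash \beta}{\Gamma \vdash \alpha \multimap \beta}\ (R\multimap)$$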

The $!$ ("bang") modality marks stable facts or unlimited resources, thus recovering
propositions in the classical (or intuitionistic) sense. Like a classical proposition, a
banged resource may be freely copied or discarded. Hence, $!\alpha \otimes !(\alpha \multimap \beta) \vdash !\alpha \otimes !\beta$ is
a valid sequent. Four inference rules introduce the bang:

$$\frac{!\Gamma \vdash \alpha}{!\Gamma \vdash !\alpha}\ (R!) \qquad \frac{\Gamma, \alpha \vdash \beta}{\Gamma, !\alpha \vdash \beta}\ (Dereliction)$$

$$\frac{\Gamma, !\alpha, !\alpha \vdash \beta}{\Gamma, !\alpha \vdash \beta}\ (Contraction) \qquad \frac{\Gamma \vdash \beta}{\Gamma, !\alpha \vdash \beta}\ (Weakening)$$

Example 3.1. We can model the fact that one cup of coffee ($c$) is one euro ($e$) as $!(e \multimap c)$.
A "bottomless cup" is an offer including an unlimited number of refills. We assume
that any natural number of refills is possible. We model this as $!(e \multimap !c)$. From this, we
may judge that it is possible to get two cups of coffee for one euro: $!(e \multimap !c) \vdash e \multimap c \otimes c$.
Fig. 1 gives an exemplary proof tree, proving this judgement.

$$
\dfrac{
  \dfrac{
    \dfrac{
      \dfrac{}{e \vdash e}\ (Identity)
      \qquad
      \dfrac{
        \dfrac{
          \dfrac{\dfrac{}{c \vdash c}\ (Identity)}{!c \vdash c}\ (Dereliction)
          \qquad
          \dfrac{\dfrac{}{c \vdash c}\ (Identity)}{!c \vdash c}\ (Dereliction)
        }{!c, !c \vdash c \otimes c}\ (R\otimes)
      }{!c \vdash c \otimes c}\ (Contraction)
    }{e \multimap !c,\ e \vdash c \otimes c}\ (L\multimap)
  }{e \multimap !c \vdash e \multimap c \otimes c}\ (R\multimap)
}{!(e \multimap !c) \vdash e \multimap c \otimes c}\ (Dereliction)
$$

Fig. 1. A sample proof tree

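In classical (and intuitionistic) logic, internal choice is an aspect of conjunction, as
exemplified by the judgement $\alpha \wedge \beta \vdash \alpha$. This is inherited by the additive conjunction $\&$
of linear logic. The formula $\alpha \& \beta$ expresses a choice between $\alpha$ and $\beta$, i.e. the sequents
$\alpha \& \beta \vdash \alpha$ and $\alpha \& \beta \vdash \beta$ are valid, but $\alpha \& \beta \vdash \alpha \otimes \beta$ is not.

$$\frac{\Gamma, \alpha \vdash \gamma}{\Gamma, \alpha \& \beta \vdash \gamma}\ (L\&_1) \qquad \frac{\Gamma, \beta \vdash \gamma}{\Gamma, \alpha \& \beta \vdash \gamma}\ (L\&_2) \qquad \frac{\Gamma \vdash \alpha \quad \Gamma \vdash \beta}{\Gamma \vdash \alpha \& \beta}\ (R\&)$$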

The $\top$ ("top") is the resource that all other resources can be mapped to, i.e. for every
$\alpha$, the implication $\alpha \multimap \top$ is a tautology. It is hence the neutral element with respect to
additive conjunction.

(RT) 



External choice is an aspect of classical (and intuitionistic) disjunction. In linear logic,
it is represented by the additive disjunction $\oplus$. Analogous to classical logic, $\alpha \oplus \beta \vdash \alpha$ is
not valid. However, $!(\alpha \multimap \gamma), !(\beta \multimap \gamma), \alpha \oplus \beta \vdash \gamma$ is valid.

Analogous to falsity in the classical sense, absurdity $0$ is a constant that yields every
other resource. It is the neutral element with respect to $\oplus$.

$$\frac{}{0 \vdash \alpha}\ (L0)$$



Example 3.2. We assume that, besides coffee, the cafeteria also offers pie ($p$) at the
price of one euro per piece: $!(e \multimap p)$. We infer that for one euro, we have the choice
between an arbitrary amount of coffee and a piece of pie: $!(e \multimap !c), !(e \multimap p) \vdash e \multimap (!c \& p)$.
Let us furthermore assume that rather than with euros, we can also pay with
dollars ($d$) at a 1 : 1 ratio: $!(d \multimap !c), !(d \multimap p)$. We may infer that either one dollar or
one euro buys us a choice between an arbitrary amount of coffee and one pie:

$$!(e \multimap !c),\ !(e \multimap p),\ !(d \multimap !c),\ !(d \multimap p) \vdash (e \oplus d) \multimap (!c \& p).$$
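We can extend intuitionistic linear logic into a first-order system with the quantifiers $\exists$
and $\forall$. Their introduction rules are the same as in classical logic. In the following rules, $t$
stands for an arbitrary term whereas $a$ stands for a variable that is not free in $\Gamma$, $\alpha$ or $\beta$:

$$\frac{\Gamma, \alpha[x/t] \vdash \beta}{\Gamma, \forall x.\alpha \vdash \beta}\ (L\forall) \qquad \frac{\Gamma \vdash \beta[x/a]}{\Gamma \vdash \forall x.\beta}\ (R\forall)$$

$$\frac{\Gamma, \alpha[x/a] \vdash \beta}{\Gamma, \exists x.\alpha \vdash \beta}\ (L\exists) \qquad \frac{\Gamma \vdash \beta[x/t]}{\Gamma \vdash \exists x.\beta}\ (R\exists)$$

3.2 Properties of Intuitionistic Linear Logic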

The resulting first-order system allows for a faithful embedding of intuitionistic first order 
logic. This is widely considered one of the most important features of linear logic. The 
following translation from intuitionistic logic into intuitionistic linear logic is a variant of 
a translation proposed by Negri [1995]: 

Definition 3.3. $(\cdot)^*$ is a translation from formulas of intuitionistic logic to formulas of
intuitionistic linear logic, recursively defined by the following rules:

$$
\begin{array}{lcl}
p(\bar t)^* & := & !p(\bar t) \\
(\bot)^* & := & 0 \\
(\top)^* & := & 1 \\
(A \wedge B)^* & := & A^* \otimes B^* \\
(A \vee B)^* & := & A^* \oplus B^* \\
(A \rightarrow B)^* & := & !(A^* \multimap B^*) \\
(\forall x.A)^* & := & !\forall x.(A^*) \\
(\exists x.A)^* & := & \exists x.(A^*)
\end{array}
$$

$p(\bar t)$ stands for an atomic proposition. The definition is extended to sets and multisets of
formulas in the obvious manner. It has been proven in Negri [1995] that an intuitionistic
sequent $(\Gamma \vdash_{IL} \alpha)$ is valid if and only if $(\Gamma^* \vdash_{ILL} \alpha^*)$ is valid in linear logic.

We distinguish two sorts of axioms in the sequent calculus. The (Identity) axiom and the
constant axioms (L1), (R1), (L0) and (R$\top$) constitute the logical axioms of intuitionistic
linear logic. All axioms we add to the system on top of these are called non-logical axioms
or proper axioms. We usually use the letter $\Sigma$ to denote the set of proper axioms.

We express the fact that a judgement $\Gamma \vdash \alpha$ is provable using a non-empty set $\Sigma$ of proper
axioms by indexing the judgement relation with the set of proper axioms: $\vdash_\Sigma$.

Definition 3.4 Linear-Logic Equivalence. (1) We call two linear-logic formulas $\alpha, \beta$
logically equivalent if both $\alpha \vdash \beta$ and $\beta \vdash \alpha$ are provable. We write this as $\alpha \dashv\vdash \beta$.

(2) For any set of proper axioms $\Sigma$, we call two linear-logic formulas $\alpha, \beta$ logically
equivalent modulo $\Sigma$ if both $\alpha \vdash_\Sigma \beta$ and $\beta \vdash_\Sigma \alpha$ are provable. We write this as $\alpha \dashv\vdash_\Sigma \beta$.

As a well-behaved logical system, linear logic features a cut-elimination theorem [Girard 
1987]: 

Theorem 3.5 Cut Elimination Theorem. (1) If a sequent $\Gamma \vdash \alpha$ has a proof $\pi$ that
does not contain any proper axioms, then it has a proof $\pi'$ that contains neither proper
axioms nor the (Cut) rule.

(2) If a sequent $\Gamma \vdash_\Sigma \alpha$ has a proof $\pi$ containing proper axioms, then it has a proof $\pi'$
where the (Cut) rule is only used at the leaves such that one of its premises is an axiom.

A proof without any applications of (Cut) is called cut-free. A proof where (Cut) is only
applied at the leaves is called cut-reduced.

An important consequence of cut elimination is the subformula property. We quote a
weak formulation of the property, which will suffice for our purpose: Every formula $\alpha$
in a cut-free proof of a sequent $\Gamma \vdash \beta$ is a subformula of either $\Gamma$ or $\beta$, modulo variable
renaming. In a cut-reduced proof of a sequent $\Gamma \vdash_\Sigma \beta$, every formula $\alpha$ is a subformula of
$\Gamma$ or $\beta$, modulo variable renaming, or there exists a proper axiom $(\Delta \vdash \gamma) \in \Sigma$ such that $\alpha$ is
a subformula of $\Delta$ or $\gamma$, modulo variable renaming.

4. A LINEAR-LOGIC SEMANTICS FOR CHR 

In this section, we motivate and develop the linear-logic semantics for Constraint Handling
Rules. We first recall the classical declarative semantics in Sect. 4.1. Then we motivate
and present a linear-logic semantics based on proper axioms in Sect. 4.2. We will
henceforth call this the axiomatic linear-logic semantics for CHR. Its soundness with respect to
the operational semantics is shown in Sect. 4.3. We continue in Sect. 4.4 by introducing the
notion of state entailment, which we use to formulate and prove the completeness of our
semantics in Sect. 4.5. Finally, in Sect. 4.6, we show an alternative linear-logic semantics
that encodes programs and constraint theories into linear logic.

4.1 Analysis of the Classical Declarative Semantics 

CHR is founded on a classical declarative semantics, which is reflected in its very
syntax. In this section, we recall the classical declarative semantics and discuss its assets and
limitations.

In the following, $\exists_{-\bar x}$ stands for existential quantification of all variables except those in
$\bar x$, where $\bar x$ is a set of variables. The classical declarative semantics is given in the following
table, where $(\cdot)^\dagger$ stands for translation to classical logic:

States: $\langle U; B; V \rangle^\dagger ::= \exists_{-V}.(U \wedge B)$

Rules: $(r\ @\ H_1 \setminus H_2 \Leftrightarrow G \mid B)^\dagger ::= \forall(G \rightarrow (H_1 \rightarrow (H_2 \leftrightarrow \exists \bar y_r. B)))$

Programs: $\{R_1, \ldots, R_m\}^\dagger ::= R_1^\dagger \wedge \ldots \wedge R_m^\dagger$

$\bar y_r$ denotes the local variables of the respective rule. The following lemma - cited from
Frühwirth and Abdennadher [2003] - establishes the relationship between the logical
readings of programs, constraint theories and states:

Lemma 4.1 (Logical Equivalence of States). Let $P$ be a CHR program and $S$ be a state.
Then for all computable states $T_1$ and $T_2$ of $S$, the following holds: $P^\dagger, CT \models \forall(T_1^\dagger \leftrightarrow T_2^\dagger)$.

The declarative semantics of CHR must be distinguished from LP languages and related
paradigms as CHR is not based on the notion of execution as proof search. Declaratively,
execution of a CHR program means stepwise transformation of the information contained
in the state under logical equivalence as defined by the program's logical reading $P^\dagger$ and
the constraint theory CT. Founding CHR on such a declarative semantics is an obvious
choice for several reasons:

Firstly, the notion of execution as proof search naturally implies a notion of search. This 
stands in contrast to the committed-choice execution of CHR. Furthermore, the forward- 
reasoning approach faithfully captures the one-sided variable matching between rule heads 
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and constraints in CHR, as opposed to unification. For example, a CHR state (p(x); T; 0) 
(where x is a variable) does not match with the rule head (p(a) <=> . . .) (where a is a 
constant) just as we cannot apply modus ponens on a fact 3x.p(x) and an implication 
(p(a) —»...). In contrast, an LP goal p(x) would be unified with a rule head (p(a) <—...), 
accounting for the fact that application of the rule might lead to a proof of an instance of 
p(x). 

There are, however, several limitations to the classical declarative semantics of CHR, 
which shall be discussed in the following: 

Directionality. One limitation lies in the fact that the classical declarative semantics
does not capture the inherent directionality of CHR rules. Rather, all states within a
computation are considered logically equivalent. Consider e.g. the minimal CHR program

a <=> b

In this program, we can compute a state $\langle b; \top; \emptyset \rangle$ from a state $\langle a; \top; \emptyset \rangle$ but not
vice versa. This is not captured in its logical reading $(a \leftrightarrow b)$, which e.g. implies
$b \rightarrow a$. The classical declarative semantics cannot be used e.g. to show that the state
$\langle a; \top; \emptyset \rangle$ is not a computable state of $\langle b; \top; \emptyset \rangle$.

Dynamic Change. Any program state that does not only contain declarative information
about a supposedly static object world but also meta-information about the program state
eludes the semantics. Consider the following program which computes the minimum of a
set:

min(x), min(y) <=> x < y | min(x)

On a fixed-point execution, the program correctly computes the minimum of all arguments
of min constraints found in the store at the beginning of the computation. Its logical
reading, however, is unhelpful at best:

$\forall x, y.\; x < y \rightarrow (min(x) \wedge min(y) \leftrightarrow min(x))$

Deliberate Non-Determinism. Any program that makes deliberate use of the inherent
non-determinism of CHR has a misleading declarative semantics as well. Consider the
following program, which simulates a coin throw in an appropriate probabilistic semantics
of CHR (cf. Frühwirth et al. [2002]). (Note that coin is a variable, head and tail are
constants.)

throw(coin) <=> coin=head
throw(coin) <=> coin=tail

The logical reading of this program implies $\forall coin.(coin = head \leftrightarrow coin = tail)$. From this
follows $head = tail$ and - since head and tail are distinct constants - falsity $\bot$. The
program's logical reading is thus inconsistent, trivially implying anything.

Multiplicities. Finally, while CHR faithfully keeps track of the multiplicities of
constraints, this aspect eludes the classical semantics. Consider the idempotence rule from
Example 2.17, which removes multiple occurrences of the same constraint:

rj @ x < y, x < y <=> x < y

The logical reading of this rule is a tautology, falsely suggesting that the rule is redundant:

$\forall x, y.(x < y \wedge x < y \leftrightarrow x < y)$

[Fig. 2. Translation of constraints, goals and states. Rows: atomic built-in constraints,
$c_b(\bar{t})^L$; atomic user-defined constraints, $c_u(\bar{t})^L$; falsity; empty constraint/goal;
constraints/goals, $(G_1 \wedge G_2)^L$; states, $\langle U; B; V \rangle^L$.]

In conclusion, the classical declarative semantics is a powerful tool to prove the soundness 
and a certain notion of completeness of any program whose states contain only model 
information about a static object world and no explicit meta-information. It faithfully 
captures the logical theory behind those programs. However, it is not adequate to capture 
the logic behind programs that deal with any form of meta-information, make deliberate 
use of non-determinism or rely on the multiplicities of constraints. As it does not capture 
the inherent directionality of CHR rules, it is not suitable to prove safety conditions, i.e. to 
show that a certain intermediate or final state cannot be derived from a certain initial state. 
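
The directionality, multiplicity and min examples of this section can be run as ground multiset rewriting next to a truth-table check of the classical reading. This is an added example, not code from the paper: it assumes ground user-defined constraints and no built-in store, takes the guard `<` as printed above, and all function names (`apply_rules`, `computes`, `final_states`, `classically_equivalent`) are hypothetical.

```python
from collections import Counter
from itertools import permutations, product

# A state is a multiset (Counter) of ground user-defined constraints.
# A rule is (arity, fn): fn(*heads) returns the body as a list of constraints,
# or None when the heads or the guard do not match. Matched heads are removed.

def apply_rules(state, rules):
    """Yield every state reachable from `state` by one rule application."""
    items = list(state.elements())
    for arity, rule in rules:
        for idx in permutations(range(len(items)), arity):
            heads = [items[i] for i in idx]
            body = rule(*heads)
            if body is not None:
                yield state - Counter(heads) + Counter(body)

def key(state):
    return frozenset(state.items())

def reachable(start, rules):
    """All states computable from `start` (reflexive-transitive closure)."""
    seen, todo = {key(start): start}, [start]
    while todo:
        for nxt in apply_rules(todo.pop(), rules):
            if key(nxt) not in seen:
                seen[key(nxt)] = nxt
                todo.append(nxt)
    return seen

def computes(start, target, rules):
    return key(target) in reachable(start, rules)

def final_states(start, rules):
    return [s for s in reachable(start, rules).values()
            if next(apply_rules(s, rules), None) is None]

def ground_theory(rules, universe):
    """Ground instances (heads, body) of the classical reading  H <-> B  for
    every head tuple over `universe` on which the rule fires."""
    theory = []
    for arity, rule in rules:
        for heads in product(universe, repeat=arity):
            body = rule(*heads)
            if body is not None:
                theory.append((set(heads), set(body)))
    return theory

def classically_equivalent(s, t, rules, universe):
    """True iff the ground classical reading entails (conj. of s) <-> (conj. of t).
    Conjunction is idempotent, so multiplicities are invisible here."""
    theory = ground_theory(rules, universe)
    atoms = list(dict.fromkeys(universe))
    for bits in product([False, True], repeat=len(atoms)):
        val = dict(zip(atoms, bits))

        def holds(constraints):
            return all(val[c] for c in constraints)

        if all(holds(h) == holds(b) for h, b in theory) and holds(s) != holds(t):
            return False
    return True

def r_ab(c):                 # a <=> b
    return ["b"] if c == "a" else None

def r_idem(c1, c2):          # rj @ x < y, x < y <=> x < y
    return [c1] if c1 == c2 else None

def r_min(c1, c2):           # min(x), min(y) <=> x < y | min(x)
    return [c1] if c1[1] < c2[1] else None

PROG_AB, PROG_IDEM, PROG_MIN = [(1, r_ab)], [(2, r_idem)], [(2, r_min)]

if __name__ == "__main__":
    a, b = Counter(["a"]), Counter(["b"])          # constructed sample states
    print("a computes b:", computes(a, b, PROG_AB))
    print("b computes a:", computes(b, a, PROG_AB))
    print("classically equivalent:", classically_equivalent(a, b, PROG_AB, ["a", "b"]))
    mins = Counter([("min", 3), ("min", 1), ("min", 2)])
    print("final states of min:", final_states(mins, PROG_MIN))
```

In each of the three programs the classical check reports the two states as equivalent, while the rewriting relation only holds in one direction.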

4.2 The Axiomatic Linear-Logic Semantics for CHR 

Our linear-logic semantics is based on two observations: Firstly, the difference in behaviour 
between built-in and user-defined constraints in CHR resembles the difference between 
linear and banged atoms in linear logic. Secondly, the application of simplification rules 
on user-defined constraints resembles the application of modus ponens in linear logic. 

Building on the first observation, we define an adequate representation of CHR
constraints in linear logic. Translation to linear logic will be denoted as $(\cdot)^L$. For atomic
constraints, the choice is obvious:



Classical conjunction is mapped to multiplicative conjunction for both built-in and user- 
defined constraints. 



This mapping is motivated by the fact that multiplicative conjunction is aware of
multiplicities and has no notion of weakening, thus capturing the multiset semantics of
user-defined constraints. For any built-in constraint $B$, the mapping equals the translation
quoted in Def. 3.3: $B^L = B^*$. Accordingly, we map the empty goal $\top$ to $1$ and falsity $\bot$ to $0$.
The translation of CHR states is analogous to the classical case:

$\langle U; B; V \rangle^L ::= \exists_{-V}.U^L \otimes B^L$

The translation of constraints, goals and states is summed up in Fig. 4.2. 

Proper axioms. The constraint theory CT, the interaction between equality constraints 
(which are by definition built-in) and user-defined constraints, and programs are translated 
to proper axioms. Firstly, we define a set of proper axioms encoding the constraint theory 
as well as modelling the interaction between equality = and user-defined constraints. 

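Definition 4.2 ($\Sigma_{CT}$). For built-in constraints $B, B'$ and sets of variables $\bar{x}, \bar{x}'$ such that
$CT \models \exists\bar{x}.B \rightarrow \exists\bar{x}'.B'$, the following is a proper axiom:

$\exists\bar{x}.B^L \vdash \exists\bar{x}'.B'^L$

We denote the set of all such axioms as $\Sigma_{CT}$.

$$\frac{CT \models \exists\bar{x}.B \rightarrow \exists\bar{x}'.B'}{\exists\bar{x}.B^L \vdash \exists\bar{x}'.B'^L}\ (\Sigma_{CT})$$

$$\frac{}{c_u(\ldots, t_j, \ldots) \otimes\ !(t_j = u) \vdash c_u(\ldots, u, \ldots) \otimes\ !(t_j = u)}\ (\Sigma_{=})$$

$$\frac{(r\ @\ H_1 \setminus H_2 \Leftrightarrow G \mid B_b \wedge B_u)[\bar{x}/\bar{y}] \in P}{H_1^L \otimes H_2^L \otimes G^L \vdash H_1^L \otimes \exists\bar{y}_r.(B_b^L \otimes B_u^L \otimes G^L)}\ (\Sigma_P)$$

Fig. 3. The axiomatic linear-logic semantics, represented as inference rules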

Definition 4.3 ($\Sigma_{=}$). If $c_u(\bar{t})$ is an $n$-ary user-defined constraint and $t_j, u$ are terms such
that $t_j$ is the $j$th argument of $c_u(\bar{t})$ then

$c_u(\ldots, t_j, \ldots) \otimes\ !(t_j = u) \vdash c_u(\ldots, u, \ldots) \otimes\ !(t_j = u)$

is a proper axiom. We denote the set of all such axioms as $\Sigma_{=}$.

Definition 4.4 ($\Sigma_P$). If $r\ @\ H_1 \setminus H_2 \Leftrightarrow G \mid B_b \wedge B_u$ is a variant of a rule with local
variables $\bar{y}_r$, the sequent

$H_1^L \otimes H_2^L \otimes G^L \vdash H_1^L \otimes \exists\bar{y}_r.(B_b^L \otimes B_u^L \otimes G^L)$

is a proper axiom. For a program $P$, we denote the set of all axioms derived from its rules
as $\Sigma_P$.

The existential quantification of the local variables $\bar{y}_r$ corresponds to the fact that these
variables are by definition disjoint from $vars(H_1, H_2, U, B, V)$, assuring that fresh variables
are introduced for the local variables of the rule. Fig. 4.2 sums up the three sets of proper
axioms, represented as inference rules.

In anticipation of the soundness theorem presented in Sect. 4.3, we give an example of 
a CHR derivation and show that it corresponds to a valid linear logic judgement: 

Example 4.5. Let $P$ be the partial-order constraint solver from Example 2.17 and let $CT$
be a minimal constraint theory. We observe that under $P$, we have:

$[\langle 3 < a;\ a = 3;\ \emptyset \rangle] \mapsto^* [\langle \top; \top; \emptyset \rangle]$

This corresponds to the judgement $\langle 3 < a; a = 3; \emptyset \rangle^L \vdash_\Sigma \langle \top; \top; \emptyset \rangle^L$ or
$\exists a.(3 < a \otimes\ !a = 3) \vdash_\Sigma 1$, respectively, where $\Sigma = \Sigma_{CT} \cup \Sigma_{=} \cup \Sigma_P$. The following is a
proof of this judgement:

[Proof tree. Leaves: the $\Sigma_P$ axiom $x < x \vdash 1$ and the (Identity) axiom $!x = 3 \vdash\ !x = 3$.
Root: $\exists a.(3 < a \otimes\ !a = 3) \vdash 1$.]

The sequent $1 \otimes\ !x = 3 \vdash 1$ is a tautology and as such could be derived without proper
axioms, but it is also trivially included in $\Sigma_{CT}$.

While the soundness result for our semantics is straightforward, defining completeness 
is not quite as simple. Consider the following example: 
Example 4.6. In the proof tree given in Example 4.5 we use the following proper axiom
from $\Sigma_{CT}$:

$1 \otimes\ !x = 3 \vdash 1$

This implies:

$\langle \top; x = 3; \{x\} \rangle^L \vdash_\Sigma \langle \top; \top; \emptyset \rangle^L$

We observe, however, that $\langle \top; x = 3; \{x\} \rangle \mapsto^* \langle \top; \top; \emptyset \rangle$ is untrue.

In the following section, we prove the soundness of our semantics. In Sect. 4.4, we 
develop the notion of state entailment. We will apply this notion to specify and prove a 
completeness result in Sect. 4.5. 

4.3 Soundness of the Linear Logic Semantics 

In this section, we prove the soundness of the axiomatic linear-logic semantics for CHR 
with respect to the operational semantics. 

Lemma 4.7 ($=_e \Rightarrow \vdash$). Let $CT$ be a constraint theory and $\Sigma = \Sigma_{CT} \cup \Sigma_{=}$. For arbitrary
CHR states $S, T$, we have:

$S =_e T \Rightarrow S^L \vdash T^L$

Proof sketch. We prove that state equivalence $S =_e T$ implies linear judgement $S \vdash T$
by showing that each of the conditions given for $S =_e T$ in Def. 2.5 implies $S \vdash T$:
Def. 2.5.1 implies linear judgement since multiplicative conjunction is associative,
commutative and invariant w.r.t. $\top$, thus corresponding to goal equivalence. For Def. 2.5.2,
linear judgement is guaranteed, as $\Sigma_{=}$ allows us to prove
$\exists_{-V}.U \otimes x = t \otimes B \vdash \exists_{-V}.U[x/t] \otimes x = t \otimes B$. For Def. 2.5.3, it is similarly
guaranteed by $\Sigma_{CT}$. Def. 2.5.4 implies linear judgement since the addition or removal of a
global variable not occurring in a state does not change the logical reading of the state.
W.r.t. Def. 2.5.5, linear judgement holds since $\varphi \otimes 0 \vdash \psi$ is valid for any $\varphi, \psi$. All the
above arguments can be shown to apply in the reverse direction as well, thus proving
compliance with the implicit symmetry of $\cdot = \cdot$. The implicit reflexivity and transitivity
of state equivalence comply with linear judgement due to the (Identity) and (Cut) rules. □

Theorem 4.8 states the soundness of our semantics.

Theorem 4.8 Soundness. Let $P$ be a program, $CT$ be a constraint theory, and
$\Sigma = \Sigma_P \cup \Sigma_{CT} \cup \Sigma_{=}$. Then for arbitrary states $S, T$, we have:

$S \mapsto^* T \Rightarrow S^L \vdash_\Sigma T^L$

Proof. Let $S, T$ be states such that $S \mapsto_r T$. According to Def. 2.12, there exists a
variant of a rule with fresh variables $r\ @\ H_1 \setminus H_2 \Leftrightarrow G \mid B_u \wedge B_b$, and states
$S' = \langle H_1 \wedge H_2 \wedge U; G \wedge B; V \rangle$, $T' = \langle B_u \wedge H_1 \wedge U; B_b \wedge G \wedge B; V \rangle$ such that $S' = S$
and $T' = T$. Consequently, $\Sigma_P$ contains:

$H_1^L \otimes H_2^L \otimes G^L \vdash_\Sigma H_1^L \otimes \exists\bar{y}_r.(B_b^L \otimes B_u^L \otimes G^L)$

From which we prove:

$\exists_{-V}.H_1^L \otimes H_2^L \otimes G^L \otimes U \otimes B \vdash_\Sigma \exists_{-V}.H_1^L \otimes \exists\bar{y}_r.(B_b^L \otimes B_u^L \otimes G^L) \otimes U \otimes B$

The local variables $\bar{y}_r$ of $r$ are by Def. 2.12 disjoint from $vars(H_1, H_2, U, B, V)$. Hence, we
have:

$\exists_{-V}.H_1^L \otimes H_2^L \otimes G^L \otimes U \otimes B \vdash_\Sigma \exists_{-V}.H_1^L \otimes G^L \otimes B_b^L \otimes B_u^L \otimes U \otimes B$

This corresponds to $S'^L \vdash_\Sigma T'^L$. Lemma 4.7 proves that $S^L \vdash_\Sigma T^L$. As the judgement
relation $\vdash$ is transitive and reflexive, we can generalize the relationship to the
reflexive-transitive closure $S \mapsto^* T$. □

4.4 State Entailment 

In this section, we define the notion of entailment, which we will use to formulate our 
theorem of completeness. We present it alongside various properties that follow from it 
and that will be used in upcoming sections. 

Definition 4.9. State entailment, written as $\cdot > \cdot$, is the smallest partial-order relation
over equivalence classes of CHR states that satisfies the following conditions:

(1) (Weakening of the Built-in Store) For states $\langle U; B; V \rangle$, $\langle U; B'; V \rangle$ with local variables
$\bar{s}, \bar{s}'$ such that $CT \models \forall(\exists\bar{s}.B \rightarrow \exists\bar{s}'.B')$, we have:

$[\langle U; B; V \rangle] > [\langle U; B'; V \rangle]$

(2) (Omission of Global Variables)

$[\langle U; B; \{x\} \cup V \rangle] > [\langle U; B; V \rangle]$

To simplify notation, we often write S > S' instead of [S] > [S']. Theorem 4.10 gives 
a decidable criterion for state entailment. The criterion requires that the global variables 
of the entailed state are contained in the global variables of the entailing state. This is 
never a problem, as we may choose representatives of the respective equivalence classes 
that satisfy the condition. 

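Theorem 4.10 Criterion for $>$. Let $S = \langle U; B; V \rangle$, $S' = \langle U'; B'; V' \rangle$ be CHR states
with local variables $\bar{l}, \bar{l}'$ that have been renamed apart and where $V' \subseteq V$. Then we have:

$[S] > [S'] \Leftrightarrow CT \models \forall(B \rightarrow \exists\bar{l}'.((U = U') \wedge B'))$

Proof. '$\Rightarrow$': We show that the explicit axioms of entailment, as well as the implicit
conditions reflexivity, anti-symmetry and transitivity comply with the criterion:

Def. 4.9.1. We assume w.l.o.g. that the strictly local variables of $\langle U; B; V \rangle$, $\langle U; B'; V \rangle$
are renamed apart. We observe that $(U = U)$ is a tautology for any $U$. Hence, from
$CT \models \forall(\exists\bar{s}.B \rightarrow \exists\bar{s}'.B')$ follows $CT \models \forall(\exists\bar{s}.B \rightarrow \exists\bar{l}'.((U = U) \wedge B'))$, which proves:
$CT \models \forall(B \rightarrow \exists\bar{l}'.((U = U) \wedge B'))$

Def. 4.9.2. Let $\bar{l}$ be the local variables of $\langle U; B; \{x\} \cup V \rangle$. For any $x$ we have:
$CT \models \forall(B \rightarrow \exists x.\exists\bar{l}.((U = U) \wedge B))$

Reflexivity. Let $\langle U; B; V \rangle$, $\langle U'; B'; V' \rangle$ be CHR states such that
$[\langle U; B; V \rangle] = [\langle U'; B'; V' \rangle]$, i.e. $\langle U; B; V \rangle = \langle U'; B'; V' \rangle$. Assuming that the local
variables $\bar{l}, \bar{l}'$ have been named apart, Thm. 2.10 implies
$CT \models \forall(B \rightarrow \exists\bar{l}'.((U = U') \wedge B'))$.

Anti-Symmetry. Let $\langle U; B; V \rangle$, $\langle U'; B'; V' \rangle$ be CHR states with local variables $\bar{l}, \bar{l}'$ such
that $CT \models \forall(B \rightarrow \exists\bar{l}'.((U = U') \wedge B'))$ and $CT \models \forall(B' \rightarrow \exists\bar{l}.((U = U') \wedge B))$. By
Thm. 2.10, we have that $\langle U; B; V \rangle = \langle U'; B'; V' \rangle$ and hence
$[\langle U; B; V \rangle] = [\langle U'; B'; V' \rangle]$.

Transitivity. Let $\langle U; B; V \rangle$, $\langle U'; B'; V' \rangle$, $\langle U''; B''; V'' \rangle$ be CHR states where the local
variables $\bar{l}, \bar{l}', \bar{l}''$ have been renamed apart and such that
$CT \models \forall(B \rightarrow \exists\bar{l}'.((U = U') \wedge B'))$ and $CT \models \forall(B' \rightarrow \exists\bar{l}''.((U' = U'') \wedge B''))$. Therefore,
$CT \models \forall(B \rightarrow \exists\bar{l}'.((U = U') \wedge \exists\bar{l}''.((U' = U'') \wedge B'')))$. As the sets of local variables are
disjoint, we get $CT \models \forall(B \rightarrow \exists\bar{l}'\bar{l}''.((U = U') \wedge (U' = U'') \wedge B''))$ and finally

$CT \models \forall(B \rightarrow \exists\bar{l}''.((U = U'') \wedge B''))$

'$\Leftarrow$': Let $S = \langle U; B; V \rangle$, $S' = \langle U'; B'; V' \rangle$ be CHR states with local variables $\bar{y}, \bar{y}'$ that
have been renamed apart and such that $V' \subseteq V$ and $CT \models \forall(B \rightarrow \exists\bar{y}'.((U = U') \wedge B'))$. We
apply Def. 4.9.1 to infer: $S > \langle U; (U = U') \wedge B'; V \rangle$. By Def. 2.5.2 and Def. 2.5.3, we get
$S > \langle U'; B'; V \rangle$. Since $V' \subseteq V$, several applications of Def. 4.9.2 give us
$S > \langle U'; B'; V' \rangle = S'$. □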

Corollary 4.11 is a direct consequence of Theorem 2.10 and Theorem 4.10. It establishes
the relationship between state equivalence and state entailment.

Corollary 4.11. For arbitrary CHR states $S, T$, state equivalence $S =_e T$
holds if and only if both $S > T$ and $T > S$ hold.

Lemma 4.12 establishes an important relationship between state transition and state
entailment.

Lemma 4.12. Let $S, U, T$ be CHR states. If $S > U$ and $U \mapsto_r T$ then there exists a state
$V$ such that $S \mapsto_r V$ and $V > T$.

Proof. Let $S = \langle U; B; V \rangle$ and let $\bar{y}_S, \bar{y}_U, \bar{y}_T$ be the local variables of $S, U, T$. By
definition, $U \mapsto_r T$ implies that there is a variant of a CHR rule
$r\ @\ (H_1 \setminus H_2 \Leftrightarrow G \mid B_b \wedge B_u)$ such that $[U] = [\langle H_1 \wedge H_2 \wedge U; G \wedge B; V \rangle]$ and
$[T] = [\langle H_1 \wedge B_u \wedge U; G \wedge B_b \wedge B; V \rangle]$.

Now let $V = \langle H_1 \wedge B_u \wedge U; G \wedge B_b \wedge B \wedge (U = (H_1 \wedge H_2 \wedge U)) \wedge B; V \rangle$. From $[S] > [U]$
follows by Thm. 4.10: $CT \models \forall(B \rightarrow \exists\bar{y}_U.((U = (H_1 \wedge H_2 \wedge U)) \wedge G \wedge B))$. Assuming w.l.o.g.
that $\bar{y}_S \cap \bar{y}_U = \emptyset$, we can apply Def. 2.5.3 to get
$S = \langle U; B \wedge G \wedge B \wedge (U = (H_1 \wedge H_2 \wedge U)); V \rangle$ and then
$S = \langle H_1 \wedge H_2 \wedge U; B \wedge G \wedge B \wedge (U = (H_1 \wedge H_2 \wedge U)); V \rangle$. According to Def. 2.12,
we have $S \mapsto_r V$. We apply Def. 4.9 to show that $V > T$. □

In anticipation of Section 4.5, the following example shows how the notion of entailment 
fills the gap between the computability relation between states and the judgement relation 
between their respective linear-logic readings. 

Example 4.13. In Example 4.6, we showed that the following judgement, which does
not correspond to any transition in CHR, is provable in our sequent calculus system:

$\langle \top; x = 3; \{x\} \rangle^L \vdash_\Sigma \langle \top; \top; \emptyset \rangle^L$

We observe that the two states are connected by the entailment relation:

$\langle \top; x = 3; \{x\} \rangle > \langle \top; \top; \emptyset \rangle$

In the following section, we will show that state entailment precisely covers the
discrepancy between transitions in a CHR program and judgements in its corresponding sequent
calculus system as exemplified in Example 4.6.

4.5 Completeness of the Axiomatic Semantics

The notion of merging is an important tool for the proofs in this section. We define it as
follows:

Definition 4.14 ($\cdot \diamond \cdot$). Let $S = \langle U; B; V \rangle$, $S' = \langle U'; B'; V \rangle$ be CHR states that share the
same set of global variables and whose local variables are renamed apart. Their merging is
defined as:

$S \diamond S' ::= \langle U \wedge U'; B \wedge B'; V \rangle$

The following property assures that we can without loss of generality assume the
existence of $S \diamond T$ for any two states $S, T$:

Property 4.15. For any CHR states $S, T$, there exist states $S', T'$ where $S = S'$, $T = T'$
such that $S' \diamond T'$ exists.

Proof sketch. Lemma 2.8.1 allows us to rename the local variables apart, and Def. 2.5.4
allows the union of their respective sets of global variables. □

Lemma 4.16 states two properties of merging that will be used in upcoming proofs:

Lemma 4.16 Properties of $\cdot \diamond \cdot$. Let $S, S', T$ be CHR states such that both $S \diamond T$ and
$S' \diamond T$ exist. The following properties hold:

(1) $S > S' \Rightarrow S \diamond T > S' \diamond T$

(2) $S \mapsto_r S' \Rightarrow S \diamond T \mapsto_r S' \diamond T$

Proof. Lemma 4.16.1: We assume w.l.o.g. that the states $S, S', T$ share the same set of
global variables. Let $S = \langle U; B; V \rangle$, $S' = \langle U'; B'; V \rangle$, $T = \langle U_T; B_T; V \rangle$ with local variables
$\bar{l}, \bar{l}', \bar{l}_T$. From $S > S'$ follows by Thm. 2.10: $CT \models \forall(B \rightarrow \exists\bar{l}'.((U = U') \wedge B'))$. As
$U_T = U_T$ is a tautology, we get
$CT \models \forall(B \wedge B_T \rightarrow \exists\bar{l}'\exists\bar{l}_T.((U = U') \wedge (U_T = U_T) \wedge B' \wedge B_T))$ which proves
$S \diamond T > S' \diamond T$.

Lemma 4.16.2: We assume w.l.o.g. that the states $S, S', T$ share the same set of global
variables. According to Def. 2.12, there exists a variant of a CHR rule
$r\ @\ H_1 \setminus H_2 \Leftrightarrow G \mid B_u \wedge B_b$, such that $S = \langle H_1 \wedge H_2 \wedge U; G \wedge B; V \rangle$ and
$S' = \langle H_1 \wedge B_u \wedge U; G \wedge B_b \wedge B; V \rangle$. By Prop. 4.15, there exists a state $T' = \langle U'; B'; V \rangle$
such that $T' = T$ whose local variables are renamed apart from those of $S$ and $T$. By
Def. 2.12, we get $S \diamond T \mapsto_r S' \diamond T$. □

Lemma 4.17 sets the stage for the completeness theorem:

Lemma 4.17. Let $\pi$ be some cut-reduced proof of a sequent $S^L \vdash_\Sigma T^L$, where $S, T$ are
arbitrary CHR states and $\Sigma = \Sigma_P \cup \Sigma_{CT} \cup \Sigma_{=}$ for a program $P$ and a constraint theory $CT$.
Any formula $\alpha$ in $\pi$ is either of the form $\alpha = S_\alpha^L$ where $S_\alpha$ is a CHR state or of the form
$\alpha = c_b(\bar{t})$ where $c_b(\bar{t})$ is some built-in constraint.

Proof. We observe that both the root of $\pi$ and all proper axioms in $\Sigma$ are of
the form $U_1^L \vdash U_2^L$ where $U_1, U_2$ are CHR states. The subformula property hence
guarantees that every formula $\alpha$ in $\pi$ is a subformula of the logical reading $U^L$
of some CHR state $U$. The general form of such a logical reading is

$U^L = \exists l_1 \ldots \exists l_n.(c_u^1(\bar{t}_1) \otimes \ldots \otimes c_u^m(\bar{t}_m)) \otimes (!c_b^1(\bar{t}'_1) \otimes \ldots \otimes\ !c_b^k(\bar{t}'_k))$

where $l_1, \ldots, l_n$ are the local variables of $U$, $c_u^1(\bar{t}_1), \ldots, c_u^m(\bar{t}_m)$ are its user-defined
constraints and $c_b^1(\bar{t}'_1), \ldots, c_b^k(\bar{t}'_k)$ are its built-in constraints. We observe that any
subformula $\alpha$ of $U^L$ is either of the form $\alpha = S_\alpha^L$ for some CHR state $S_\alpha$ or of the form
$\alpha = c_b(\bar{t})$, where $c_b(\bar{t})$ is a built-in constraint. □

The completeness of our semantics is formulated in Theorem 4.18:

Theorem 4.18 Completeness. Let $S, T$ be CHR states, $P$ be a CHR program, $CT$ be a
constraint theory and let $\Sigma = \Sigma_P \cup \Sigma_{CT} \cup \Sigma_{=}$. If $S^L \vdash_\Sigma T^L$, then there exists a state $T'$
such that $S \mapsto^* T'$ and $T' > T$ in $P$.

Proof. For the sake of clarity, we will omit the set $\Sigma$ of proper axioms from the judgement
symbol $\vdash_\Sigma$. Throughout the proof, $D_n(U, V)$ denotes the fact that for CHR states $U, V$, there
exist states $U_1, \ldots, U_n$ such that:

$U \mapsto U_1 \mapsto \ldots \mapsto U_n > V$

Consequently, $D_0(U, V)$ equals $U > V$.

Secondly, we define an operator $\diamond$ on formulas analogous to merging on states: For
any two (possibly empty) sequences of variables $\bar{x}, \bar{y}$ and quantifier-free formulas $\alpha, \beta$ let
$\exists\bar{x}.\alpha \diamond \exists\bar{y}.\beta ::= \exists\bar{x}.\exists\bar{y}.\alpha \otimes \beta$. We observe that for arbitrary CHR states $U, V$
where $U \diamond V$ exists, we have $U^L \diamond V^L = (U \diamond V)^L$. In the following, we assume w.l.o.g. that
all existentially quantified variables in the antecedent of a sequent occurring in $\pi$ are
renamed apart. Hence, for every two formulas of the form $U^L, V^L$ occurring in the antecedent
of one sequent in $\pi$, both $U \diamond V$ and $U^L \diamond V^L$ exist.

We introduce a completion function $\eta$, defined by the following table, where $U$ is a CHR
state, $c_b(\bar{t})$ is a built-in constraint and $\Gamma \vdash \alpha$ is a sequent:

$\eta(U^L) ::= U^L$

$\eta(c_b(\bar{t})) ::=\ !c_b(\bar{t})$

$\eta(\gamma, \Gamma) ::= \eta(\gamma) \diamond \eta(\Gamma)$

$\eta(\Gamma \vdash \alpha) ::= \eta(\Gamma) \vdash \eta(\alpha)$ for non-empty $\Gamma$

$\eta(\vdash \alpha) ::= 1 \vdash \eta(\alpha)$

For a sequent $\Gamma \vdash \alpha$, we call $\eta(\Gamma \vdash \alpha)$ the $\eta$-completion of $\Gamma \vdash \alpha$. From Lemma 4.17
follows that for every sequent $\Gamma \vdash \alpha$ in $\pi$, its $\eta$-completion $\eta(\Gamma \vdash \alpha)$ is of the form
$U^L \vdash V^L$ for some CHR states $U, V$. For example,

$\eta(\exists y.c_u(x,y),\ x = 1 \vdash \exists z.c_u(1,z)) = \exists y.c_u(x,y) \otimes\ !x = 1 \vdash \exists z.c_u(1,z)$

$= \langle c_u(x,y) \wedge x = 1; \{x\} \rangle^L \vdash \langle c_u(1,z); \top; \emptyset \rangle^L$

We show by induction over the depth of $\pi$ that for every such $U^L \vdash V^L$, we have $D_n(U, V)$,
where $n$ is the number of $\Sigma_P$-axioms in the proof of $U^L \vdash V^L$.

Base case: In case the proof of $S^L \vdash T^L$ consists of a single leaf, it is either an instance
of (Identity), (R1), or (L0), or a proper axiom $(\Gamma \vdash \alpha) \in (\Sigma_{=} \cup \Sigma_{CT} \cup \Sigma_P)$.

— (Identity), (R1), (L0):

$$\frac{}{\alpha \vdash \alpha}\ (Identity) \qquad \frac{}{\vdash 1}\ (R1) \qquad \frac{}{0 \vdash \alpha}\ (L0)$$

In the case of (Identity), we have $\eta(\alpha \vdash \alpha) = U^L \vdash U^L$ for some CHR state $U$. In the
case of (R1), we have $\eta(\vdash 1) = U^L \vdash U^L$ for $U^L = \langle \top; \top; V \rangle$. As the entailment relation
is reflexive, we have $D_0(U, U)$. In the case of (L0), we have $\eta(0 \vdash \alpha) = U^L \vdash V^L$ where
$U = S_\bot$. By Def. 2.5.5 and Def. 4.9.1, we have that $U^L > V^L$ and therefore $D_0(U, V)$.

— For a proper axiom $(\Gamma \vdash \alpha) \in (\Sigma_{=} \cup \Sigma_{CT})$ we have $\Gamma \vdash \alpha = U^L \vdash V^L$ where $U, V$ are CHR
states such that $U > V$ and therefore $D_0(U, V)$.

— For a proper axiom $(\Gamma \vdash \alpha) \in \Sigma_P$ we have $\Gamma \vdash \alpha = U^L \vdash V^L$ where $U, V$ are CHR states
such that $U \mapsto V$ and therefore $D_1(U, V)$.

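Induction step: We distinguish nine cases according to which is the last inference rule
applied in the proof. Cut reduction implies that it must be one of (Cut), (L$\otimes$), (R$\otimes$),
(Weakening), (Dereliction), (Contraction), (R!), (L$\exists$), and (R$\exists$).

— (L$\otimes$), (Dereliction), (R!): For (Dereliction) and (R!), the banged formula must be an
atomic built-in constraint $c_b(\bar{t})$:

$$\frac{\Gamma, \alpha, \beta \vdash \gamma}{\Gamma, \alpha \otimes \beta \vdash \gamma}\ (L\otimes) \qquad \frac{\Gamma, c_b(\bar{t}) \vdash \beta}{\Gamma,\ !c_b(\bar{t}) \vdash \beta}\ (Dereliction) \qquad \frac{!\Gamma \vdash c_b(\bar{t})}{!\Gamma \vdash\ !c_b(\bar{t})}\ (R!)$$

Since $\eta(\alpha, \beta) = \eta(\alpha \otimes \beta)$ and $\eta(!c_b(\bar{t})) = \eta(c_b(\bar{t}))$, each of these rules is invariant to the
$\eta$-completion of the sequent, thus trivially satisfying the hypothesis.

— (L1):

$$\frac{\Gamma \vdash \alpha}{\Gamma, 1 \vdash \alpha}\ (L1)$$

We assume that $S_\Gamma = \langle U_\Gamma; B_\Gamma; V_\Gamma \rangle$ and $S_\alpha$ are CHR states such that $S_\Gamma^L = \eta(\Gamma)$,
$S_\alpha^L = \eta(\alpha)$, and $D_n(S_\Gamma, S_\alpha)$. Then by Def. 2.5.3, we have $D_n(S'_\Gamma, S_\alpha)$ where
$S'_\Gamma = \langle U_\Gamma; B_\Gamma \wedge \top; V_\Gamma \rangle$. As $S'^L_\Gamma = \eta(\Gamma, 1)$, this proves the hypothesis.

— (Weakening): By Lemma 4.17, we have that the introduced formula is of the form $!c_b(\bar{t})$.

$$\frac{\Gamma \vdash \beta}{\Gamma,\ !c_b(\bar{t}) \vdash \beta}\ (Weakening)$$

We assume that $S_\Gamma = \langle U_\Gamma; B_\Gamma; V_\Gamma \rangle$ and $S_\beta$ are CHR states such that $S_\Gamma^L = \eta(\Gamma)$,
$S_\beta^L = \eta(\beta)$ and $D_n(S_\Gamma, S_\beta)$. Furthermore, let $U = \langle U_\Gamma; B_\Gamma \wedge c_b(\bar{t}); V_\Gamma \rangle$. Since
$U^L = \eta(\Gamma,\ !c_b(\bar{t}))$ and $U > S_\Gamma$, Lemma 4.12 proves the hypothesis.

— (Contraction): By the subformula property, we have that the contracted formula is of
the form $!c_b(\bar{t})$.

$$\frac{\Gamma,\ !c_b(\bar{t}),\ !c_b(\bar{t}) \vdash \beta}{\Gamma,\ !c_b(\bar{t}) \vdash \beta}\ (Contraction)$$

Since $\langle U; B \wedge c_b(\bar{t}); V \rangle > \langle U; B \wedge c_b(\bar{t}) \wedge c_b(\bar{t}); V \rangle$ we prove the hypothesis analogously to
(Weakening).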

— (R$\otimes$): The subformula property implies that the joined formulas must be CHR states $U^L$
and $V^L$ without local variables:

$$\frac{\Gamma \vdash U^L \qquad \Delta \vdash V^L}{\Gamma, \Delta \vdash U^L \otimes V^L}\ (R\otimes)$$

Let $S_\Gamma, S_\Delta$ be CHR states such that $S_\Gamma^L = \eta(\Gamma)$, $S_\Delta^L = \eta(\Delta)$. The induction hypothesis
gives us $D_n(S_\Gamma, U)$ and $D_m(S_\Delta, V)$ for some $n, m$. By Lemma 4.16.1 and Lemma 4.16.2
we have $D_n(S_\Gamma \diamond S_\Delta, U \diamond S_\Delta)$ and $D_m(U \diamond S_\Delta, U \diamond V)$. By Lemma 4.12, we get
$D_{n+m}(S_\Gamma \diamond S_\Delta, U \diamond V)$.

— (Cut): Since $\pi$ is a cut-reduced proof and all axioms are of the form $U_1^L \vdash U_2^L$, the
eliminated formula must be the logical reading of a CHR state $U$:

$$\frac{\Gamma \vdash U^L \qquad U^L, \Delta \vdash \beta}{\Gamma, \Delta \vdash \beta}\ (Cut)$$

Let $S_\Gamma, S_\Delta, S_\beta$ be CHR states such that $S_\Gamma^L = \eta(\Gamma)$, $S_\Delta^L = \eta(\Delta)$, and $S_\beta^L = \eta(\beta)$. The
induction hypothesis gives us $D_n(S_\Gamma, U)$ and $D_m(U \diamond S_\Delta, S_\beta)$. Applying Lemma 4.16,
we get $D_n(S_\Gamma \diamond S_\Delta, U \diamond S_\Delta)$. By Lemma 4.12, we get $D_{n+m}(S_\Gamma \diamond S_\Delta, S_\beta)$ which proves
the hypothesis.

— (L$\exists$): In the preconditional sequent, the quantified variable $x$ is by definition replaced
by a fresh constant $a$ that does not occur in $\Gamma$, $\alpha$, or $\beta$:

$$\frac{\Gamma, \alpha[x/a] \vdash \beta}{\Gamma, \exists x.\alpha \vdash \beta}\ (L\exists)$$

Let $U = \langle U[x/a]; B[x/a]; V \cup \{a\} \rangle$ and $S_\beta$ be CHR states such that $U^L = \eta(\Gamma, \alpha[x/a])$,
$S_\beta^L = \eta(\beta)$, and $x \notin V$. The definition of state equivalence gives us
$U = \langle U; B \wedge x = a; V \cup \{a\} \rangle$. Furthermore, we have $\eta(\Gamma, \exists x.\alpha) = \langle U; B; V \rangle^L$. By the
induction hypothesis, we have states $U_1, \ldots, U_n$ such that
$U \mapsto_{r_1} U_1 \mapsto_{r_2} \ldots \mapsto_{r_n} U_n > S_\beta$ where $U_i = \langle U_i; B_i \wedge x = a; V \cup \{a\} \rangle$ for
$i \in \{1, \ldots, n\}$. Neither the binding $x = a$ nor the set of global variables affect rule
applicability. Hence, we can construct an analogous derivation
$\langle U; B; V \rangle \mapsto_{r_1} U'_1 \mapsto_{r_2} \ldots \mapsto_{r_n} U'_n$ where $U'_i = \langle U_i; B_i; V \rangle$ for $i \in \{1, \ldots, n\}$. Since
$U_n > S_\beta$ and $a$ must not occur in $\beta$, we also have $\langle U_n; B_n; V \rangle > S_\beta$. Therefore, we
have $D_n(\langle U; B; V \rangle, S_\beta)$. As $\eta(\Gamma, \exists x.\alpha) = \langle U; B; V \rangle^L$, this proves the hypothesis.

— (R$\exists$): By definition, the quantified variable $x$ substitutes an arbitrary term $t$.

$$\frac{\Gamma \vdash \beta[x/t]}{\Gamma \vdash \exists x.\beta}\ (R\exists)$$

Let $S_\Gamma, U, V$ be CHR states such that $S_\Gamma^L = \eta(\Gamma)$, $U^L = \eta(\beta[x/t])$, and $V^L = \eta(\exists x.\beta)$.
By the induction hypothesis we have $D_n(S_\Gamma, U)$ for some $n$. Let $V = \langle U; B; V \rangle$ and
$U = \langle U[x/t]; B[x/t]; \{x\} \cup V \rangle$. We have
$U = \langle U; x = t \wedge B; \{x\} \cup V \rangle > \langle U; x = t \wedge B; V \rangle > \langle U; B; V \rangle = V$, and therefore,
$D_n(S_\Gamma, V)$.

Finally, we have $D_N(S, T)$ for some $N$, i.e. there exist states $S_1, \ldots, S_N$ such that:

$S \mapsto S_1 \mapsto \ldots \mapsto S_N > T$

It follows that for $T' = S_N$, we have $S \mapsto^* T'$ and $T' > T$. □

Lemma 4.19 states that when excluding the proper axioms in $\Sigma_P$, logical judgement
implies state entailment:

Lemma 4.19 ($\vdash \Leftrightarrow >$). For arbitrary CHR states $S, T$, entailment $S > T$ holds if and only
if the judgement $S^L \vdash_\Sigma T^L$ is provable for $\Sigma = \Sigma_{CT} \cup \Sigma_{=}$.

Proof sketch. '$\Leftarrow$': We apply Thm. 4.18 to the empty program $P = \emptyset$.
'$\Rightarrow$': We prove that all conditions in Def. 4.9 comply with the judgement relation $\vdash$: For
Def. 4.9.1, $CT \models \forall(B \rightarrow B')$ implies that $\Sigma_{CT}$ contains an axiom $B \vdash B'$. Hence, we
can prove $\exists_{-V}.U \wedge B \vdash \exists_{-V}.U \wedge B'$. For Def. 4.9.2, it is valid since $S^L \vdash \exists x.S^L$ holds
for any $S^L$. Concerning the implicit conditions of a partial order relation, reflexivity and
anti-symmetry hold for the judgement relation $\vdash$ as well and anti-symmetry is a natural
consequence of Def. 3.4. □

Theorem 4.20 defines the relationship between state equivalence and the linear-logic
semantics. It is a direct consequence of Corollary 4.11 and Lemma 4.19 and therefore
goes without proof:

Theorem 4.20 ($= \Leftrightarrow \dashv\vdash$). Let $CT$ be a constraint theory and $\Sigma = \Sigma_{CT} \cup \Sigma_{=}$. For arbitrary
CHR states $S, T$, we have:

$S = T \Leftrightarrow S^L \dashv\vdash_\Sigma T^L$

The following example illustrates the completeness theorem:

Example 4.21. We consider the partial-order program $P$ given in Example 2.17 and a
minimal constraint theory $CT$. For $\Sigma = \Sigma_P \cup \Sigma_{CT} \cup \Sigma_{=}$, we have

$a < b \otimes b < c \otimes c < a \vdash_\Sigma\ !a = b$

which equals:

$\langle a < b \wedge b < c \wedge c < a; \top; \{a, b, c\} \rangle^L \vdash_\Sigma \langle \top; a = b; \{a, b\} \rangle^L$

This corresponds to:

$\langle a < b \wedge b < c \wedge c < a; \top; \{a, b, c\} \rangle \mapsto^* \langle \top; a = b \wedge a = c; \{a, b, c\} \rangle > \langle \top; a = b; \{a, b\} \rangle$

4.6 Encoding Programs and Constraint Theories

In the axiomatic linear-logic semantics presented in Sect. 4.2 to Sect. 4.5, only states are
represented in logical judgements. Both programs and constraint theories disappear into
the proper axioms of a sequent calculus system and hence are not objects of logical
reasoning.

In this section, we show how to encode programs and constraint theories into logical
judgements, enabling us to reason directly about them as well. In Sect. 6.2, we will use
this encoding to decide operational equivalence of programs. As a further benefit, a
complete encoding of programs and constraint theories assures the existence of cut-free proofs
for the respective judgements and ensures compatibility with established methods for
automated proof search relying on this property.

As usual, $(\cdot)^L$ stands for translation into linear logic.

Encoding of Constraint Theories. The constraint theory $CT$ itself is encoded according
to the translation quoted in Def. 3.3. Furthermore, for every $n$-ary user-defined constraint
symbol $c_u$ and every $j \in \{1, \ldots, n\}$, we add the following formula to the translation of the
theory, where $x_1, \ldots, x_n$ and $y$ are variables:

$!\forall(c_u(x_1, \ldots, x_j, \ldots, x_n) \otimes\ !(x_j = y) \multimap c_u(x_1, \ldots, y, \ldots, x_n) \otimes\ !(x_j = y))$

We obtain the following encoding of constraint theories:

Definition 4.22 ($CT^L$). Let $CT$ be a constraint theory. Its linear-logic reading $CT^L$ is
given as:

$$CT^L ::= CT^* \cup \bigcup_{c_u/n} \bigcup_{j=1}^{n}\ !\forall(c_u(\ldots, x_j, \ldots) \otimes\ !(x_j = y) \multimap c_u(\ldots, y, \ldots) \otimes\ !(x_j = y))$$

Encoding of $\Sigma_P$. The translation of CHR rules follows the same lines as the encoding of
the $CT$ axioms:

Definition 4.23 ($R^L$, $P^L$). (1) Let $R = r\ @\ H_1 \setminus H_2 \Leftrightarrow G \mid B_u \wedge B_b$ be a CHR rule with
local variables $\bar{y}_r$. Then its linear-logic reading $R^L$ is defined as:

$R^L ::=\ !\forall(H_1^L \otimes H_2^L \otimes G^L \multimap H_1^L \otimes \exists\bar{y}_r.(B_b^L \otimes B_u^L \otimes G^L))$

(2) Let $P = \{R_1, \ldots, R_n\}$ be a CHR program. Then its linear-logic reading $P^L$ is defined
as:

$$P^L ::= \bigcup_{R \in P} R^L$$

For the encoding semantics, the following soundness and completeness theorem holds:

Theorem 4.24 Soundness and Completeness. Let $S, T$ be CHR states. There exists a
state $U$ such that

$S \mapsto^* U$ and $U > T$

in a program $P$ and a constraint theory $CT$ if and only if

$P^L, CT^L \vdash \forall(S^L \multimap T^L)$

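Proof. We prove Thm. 4.24 by showing that any proof tree in the axiomatic semantics
can be transformed into a proof tree in the encoding semantics and vice versa. For the sake
of clarity, we will omit the set of proper axioms from the judgement symbol.

Axiomatic to encoding: We assume a proof $\pi$ of a sequent $S^L \vdash T^L$ in the axiomatic
semantics. We replace every axiom $\exists\bar{x}.B^L \vdash \exists\bar{x}'.B'^L$ in $\Sigma_{CT}$ by a sub-tree proving
$CT^L, \exists\bar{x}.B^L \vdash \exists\bar{x}'.B'^L$. The same is done for every equality axiom in $\Sigma_{=}$. Similarly, every
axiom $H_1^L \otimes H_2^L \otimes G^L \vdash H_1^L \otimes \exists\bar{y}_r.(B_b^L \otimes B_u^L \otimes G^L)$ in $\Sigma_P$ is replaced with a sub-tree
proving $P^L, H_1^L \otimes H_2^L \otimes G^L \vdash H_1^L \otimes \exists\bar{y}_r.(B_b^L \otimes B_u^L \otimes G^L)$. We propagate the thus
introduced instances of $CT^L$ and $P^L$ throughout the proof tree, thus producing a proof $\pi'$ of

$CT^L, \ldots, CT^L, P^L, \ldots, P^L, S^L \vdash T^L$

We insert $\pi'$ into:

$$\dfrac{\dfrac{\dfrac{\pi'}{CT^L, P^L, S^L \vdash T^L}\ (Contraction)^*}{CT^L, P^L \vdash S^L \multimap T^L}\ (R\multimap)}{CT^L, P^L \vdash \forall(S^L \multimap T^L)}$$

Encoding to axiomatic: Let $\bigotimes$ stand for element-wise multiplicative conjunction of a
set and let $\pi$ be a proof of a sequent $CT^L, P^L \vdash \forall(S^L \multimap T^L)$ in the encoding semantics.

For every $!\forall(\exists\bar{x}.B^L \multimap \exists\bar{x}'.B'^L) \in CT^L$, we have $\vdash_\Sigma\ !\forall(\exists\bar{x}.B^L \multimap \exists\bar{x}'.B'^L)$ where
$\Sigma = \Sigma_{CT} \cup \Sigma_{=}$. Hence, there exists a proof $\pi_{CT}$ of $\vdash_\Sigma \bigotimes CT^L$. Similarly, there exists a
proof $\pi_P$ of $\vdash_\Sigma \bigotimes P^L$.

$$\dfrac{\pi_P \qquad \dfrac{\pi_{CT} \qquad \bigotimes CT^L, \bigotimes P^L \vdash \forall(S^L \multimap T^L)}{\bigotimes P^L \vdash \forall(S^L \multimap T^L)}\ (Cut)}{\vdash \forall(S^L \multimap T^L)}\ (Cut)$$

$$\dfrac{\dfrac{\dfrac{}{S^L \vdash S^L}\ (Identity) \qquad \dfrac{}{T^L \vdash T^L}\ (Identity)}{S^L, S^L \multimap T^L \vdash T^L}\ (L\multimap)}{\forall(S^L \multimap T^L), S^L \vdash T^L}\ (L\forall)$$

$$\dfrac{\vdash \forall(S^L \multimap T^L) \qquad \forall(S^L \multimap T^L), S^L \vdash T^L}{S^L \vdash T^L}\ (Cut)$$

As we can transform the respective proof tree from the axiomatic to the encoding
semantics and vice versa, the two representations are equivalent. □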

5. A LINEAR-LOGIC SEMANTICS FOR CHR$^\vee$

In this section, we extend our linear logic semantics to CHR with Disjunction (CHR$^\vee$),
a common extension of CHR. To avoid ambiguity, we will henceforth use the term pure
CHR to refer to the regular segment of CHR without disjunction.

We will firstly recall the syntax and semantics of CHR$^\vee$ in Sect. 5.1. Then we define
an equivalence-based formalization of its operational semantics in Sect. 5.2, analogous to
$\omega_e$ for pure CHR. In Sect. 5.3, we apply this equivalence-based formalization to define a
linear-logic semantics for CHR$^\vee$ and prove its soundness and completeness. In Sect. 5.4,
we show that in the case of CHR$^\vee$, the linear-logic semantics has less desirable properties
than for pure CHR: Concretely, linear-logic based reasoning over CHR$^\vee$ programs
produces in general less precise results than over CHR programs. We then introduce the
well-behavedness properties of compactness and analyticness which amend this limitation.

5.1 Introduction to CHR$^\vee$

CHR$^\vee$ has a richer syntax than pure CHR: The definition of goals is extended by the
disjunction operator $\vee$. Alluding to its operational meaning, we may also refer to $\vee$ as the
split operator. We also introduce the notion of configuration, which can be read as a
disjunction of CHR states, and we extend the definition of goal equivalence to account for
distributivity.

Definition 5.1 Goals, States, Configurations. We adapt the definitions of goal and state,
and we define configuration as follows:

Built-in constraint:       $B ::= \top \mid c_b(\bar{t}) \mid B \wedge B'$
User-defined constraint:   $U ::= \top \mid c_u(\bar{t}) \mid U \wedge U'$
CHR$^\vee$ goal:           $G ::= \top \mid c_u(\bar{t}) \mid c_b(\bar{t}) \mid G \wedge G' \mid G \vee G'$
CHR$^\vee$ state:          $S ::= \langle G; V \rangle$
Configuration:             $\bar{S} ::= \varepsilon \mid S \mid \bar{S} \vee \bar{S}$

For any two goals $G, G'$, goal equivalence $G \equiv_G G'$ denotes equivalence between goals
with respect to associativity and commutativity of $\wedge$, the neutrality of $\top$ with respect to $\wedge$,
and the distributivity of $\wedge$ over $\vee$. $\varepsilon$ stands for the empty configuration, which is
operationally equivalent to a failed state $S_\bot$.

A goal which does not contain disjunctions is called flat. A state $\langle G; V \rangle$ where $G$ is flat is
also called flat. A configuration $\bar{S}$ is called flat if it is empty or consists only of flat states.

Allowing $\wedge$ to distribute over $\vee$ guarantees that every goal is equivalent to its disjunctive
normal form (DNF). We do not allow the opposite law of distributivity. For example, we
have $G_1 \wedge (G_2 \vee G_3) \equiv_G (G_1 \wedge G_2) \vee (G_1 \wedge G_3)$ but $G_1 \vee (G_2 \wedge G_3) \not\equiv_G (G_1 \vee G_2) \wedge (G_1 \vee G_3)$.
Thus any finite goal has only a finite number of equivalent representations.

In CHR$^\vee$, we use the same definition for state equivalence as in pure CHR. However, as
the definition of goal equivalence is extended, this implicitly carries over to state
equivalence. For example: $\langle G_1 \wedge (G_2 \vee G_3); V \rangle \equiv \langle (G_1 \wedge G_2) \vee (G_1 \wedge G_3); V \rangle$.

As in goals, CHR$^\vee$ allows disjunctions in rule bodies. The clear separation between
user-defined constraints and built-in constraints in the rule body no longer applies. This is
reflected in the following definition:

Definition 5.2 CHR$^\vee$ Rules. A CHR$^\vee$ rule is of the form

$$r\ @\ H_1 \setminus H_2 \Leftrightarrow G \mid B$$

The kept head $H_1$ and the removed head $H_2$ are user-defined constraints. The guard $G$ is a
built-in constraint. The rule body $B$ is a CHR$^\vee$ goal. $r$ serves as an identifier for the rule
and may be omitted along with the @. An empty guard may be omitted along with the $\mid$.
We observe that restricting CHR$^\vee$ to the segment without disjunction restores pure CHR.
Hence, pure CHR is a subset of CHR$^\vee$. The operational semantics of CHR$^\vee$ has originally
been defined in [Abdennadher and Schütz 1998]. An additional transition rule called Split
resolves disjunctions by branching the computation. Adjusted to our syntax, we express
that transition rule as follows:

Split: $\langle G_1 \vee G_2; V \rangle \mapsto_{sp} \langle G_1; V \rangle \vee \langle G_2; V \rangle$

We can straightforwardly adapt the operational semantics $\omega_e$ to the syntax of CHR$^\vee$.
Adding one rule to handle equivalence transformations of states and two more rules to
handle composition of configurations gives us the following operational semantics for CHR$^\vee$:

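Definition 5.3 Operational Semantics of CHR$^\vee$. CHR$^\vee$ is a state transition system over
configurations defined by the following transition rules, where $(r\ @\ H_1 \setminus H_2 \Leftrightarrow G \mid B)$
is a variant of a CHR$^\vee$ rule whose local variables $\bar{y}_r$ are renamed apart from any variable
occurring in $vars(H_1, H_2, \mathbb{G}, V)$:

Apply:
$$\dfrac{r\ @\ H_1 \setminus H_2 \Leftrightarrow G \mid B \qquad CT \models \exists(G \wedge B)}{\langle H_1 \wedge H_2 \wedge G \wedge \mathbb{G}; V \rangle \mapsto_r \langle H_1 \wedge G \wedge B \wedge \mathbb{G}; V \rangle}$$

Split:
$$\langle G_1 \vee G_2; V \rangle \mapsto_{sp} \langle G_1; V \rangle \vee \langle G_2; V \rangle$$

StateEquiv:
$$\dfrac{S' \equiv S \qquad S \mapsto_{(r/sp)} \bar{T} \qquad \bar{T} \equiv \bar{T}'}{S' \mapsto_{(r/sp)} \bar{T}'}$$

CompLeft:
$$\dfrac{\bar{S} \mapsto_{(r/sp)} \bar{S}'}{\bar{S} \vee \bar{T} \mapsto_{(r/sp)} \bar{S}' \vee \bar{T}}$$

CompRight:
$$\dfrac{\bar{S} \mapsto_{(r/sp)} \bar{S}'}{\bar{T} \vee \bar{S} \mapsto_{(r/sp)} \bar{T} \vee \bar{S}'}$$

If the applied rule is obvious from the context or irrelevant, we write transition simply
as $\mapsto$. We denote its reflexive-transitive closure as $\mapsto^*$.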

The following example shows a possible computation in CHR$^\vee$:

Example 5.4. Consider the following CHR$^\vee$ program:

$r1\ @\ bird \Leftrightarrow albatross \vee penguin$

$r2\ @\ penguin \wedge flies \Leftrightarrow \bot$

Running this program with the initial state $\langle bird \wedge flies; \emptyset \rangle$ produces the following
fixed-point computation:

$[\langle bird \wedge flies; \emptyset \rangle]$
$\mapsto_{r1} [\langle (albatross \wedge flies) \vee (penguin \wedge flies); \emptyset \rangle]$
$\mapsto_{sp} [\langle albatross \wedge flies; \emptyset \rangle] \vee [\langle penguin \wedge flies; \emptyset \rangle]$
$\mapsto_{r2} [\langle albatross \wedge flies \rangle] \vee [\langle \bot; \emptyset \rangle]$

The first transition step is justified by the Apply as well as the StateEquiv transition rule.
The last transition step is justified by Apply and CompLeft.

5.2 An Equivalence-Based Operational Semantics for CHR$^\vee$

While the operational semantics presented in Sect. 5.1 precisely formalizes the execution
of a CHR$^\vee$ program, it is of limited use for program analysis. For example, we would
intuitively assume that two configurations should be considered equivalent if they differ
only in the order of their member states.

In this section, we propose a notion of equivalence of configurations, we show its
compliance with rule application and we propose a formalization of the operational semantics
based on equivalence classes of configurations.

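Definition 5.5 Equivalence of Configurations. Equivalence of configurations, denoted
as $\cdot \equiv_\vee \cdot$, is the smallest equivalence relation over configurations satisfying all of the
following properties:

(1) Associativity and Commutativity:

$\bar{S} \vee \bar{T} \equiv_\vee \bar{T} \vee \bar{S}$ and $(\bar{S} \vee \bar{T}) \vee \bar{U} \equiv_\vee \bar{S} \vee (\bar{T} \vee \bar{U})$

(2) State Equivalence:

$S \equiv_e S' \Rightarrow S \vee \bar{T} \equiv_\vee S' \vee \bar{T}$

(3) Neutrality of Failed States:

(4) Split:

$[\langle G_1 \vee G_2; V \rangle] \vee \bar{T} \equiv_\vee [\langle G_1; V \rangle] \vee [\langle G_2; V \rangle] \vee \bar{T}$

Compliance of configuration equivalence with rule application is formalized as follows:

Property 5.6 Compliance with Rule Application. Let $\bar{S}, \bar{S}', \bar{T}$ be arbitrary
configurations such that $\bar{S} \equiv_\vee \bar{S}'$ and $\bar{S} \mapsto^* \bar{T}$. Then there exists a $\bar{T}'$ such that $\bar{T} \equiv_\vee \bar{T}'$ and
$\bar{S}' \mapsto^* \bar{T}'$.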

Proof sketch. Element states of a configuration are handled independently of each 
other, making associativity and commutativity idempotent to rule application. Equiva- 
lence transformation of states complies due to the StateEquiv rule. Failed states do not 
allow rule application. Any application of the Split axiom hindering rule application can 
be reversed by application of the Split transition. □ 

The compliance property allows us to define an operational semantics based on
equivalence classes of configurations using only a single transition rule. In analogy to the
equivalence-based semantics $\omega_e$ for pure CHR, we will refer to this operational
semantics as $\omega_e^\vee$.

Definition 5.7 Transition System of $\omega_e^\vee$. CHR$^\vee$ is a state transition system over
equivalence classes of configurations. It is defined by the following transition rule, where
$(r\ @\ H_1 \setminus H_2 \Leftrightarrow G \mid B)$ is a variant of a CHR$^\vee$ rule whose local variables $\bar{y}_r$ are renamed
apart from any variable occurring in $vars(H_1, H_2, \mathbb{G}, V)$:

$$\dfrac{r\ @\ H_1 \setminus H_2 \Leftrightarrow G \mid B \qquad CT \models \exists(G \wedge B)}{[\langle H_1 \wedge H_2 \wedge G \wedge \mathbb{G}; V \rangle \vee \bar{T}] \mapsto_r [\langle H_1 \wedge G \wedge B \wedge \mathbb{G}; V \rangle \vee \bar{T}]}$$

If the applied rule is obvious from the context or irrelevant, we write transition simply
as $\mapsto$. We denote its reflexive-transitive closure as $\mapsto^*$.

Analogously to pure CHR, we define a notion of confluence:

Definition 5.8 Confluence. A CHR$^\vee$ program $P$ is called confluent, if for arbitrary
configurations $\bar{S}, \bar{T}, \bar{U}$ such that $[\bar{S}] \mapsto^* [\bar{T}]$ and $[\bar{S}] \mapsto^* [\bar{U}]$, there exists a configuration $\bar{V}$
such that $[\bar{T}] \mapsto^* [\bar{V}]$ and $[\bar{U}] \mapsto^* [\bar{V}]$.

Furthermore, we define three sets of observables based on equivalence classes of
configurations:

Definition 5.9 Observables. Let $S$ be a CHR state, $P$ be a program, and $CT$ be a
constraint theory. We distinguish the following sets of observables:

Computable config.:      $\mathcal{C}_{P,CT}(S) ::= \{[\bar{T}] \mid [S] \mapsto^* [\bar{T}]\}$

Answer:                  $\mathcal{A}_{P,CT}(S) ::= \{[\bar{T}] \mid [S] \mapsto^* [\bar{T}] \not\mapsto\}$

Data-sufficient answer:  $\mathcal{S}_{P,CT}(S) ::= \{[\langle \top; B_1; V_1 \rangle \vee \ldots \vee \langle \top; B_n; V_n \rangle] \mid [S] \mapsto^* [\langle \top; B_1; V_1 \rangle \vee \ldots \vee \langle \top; B_n; V_n \rangle]\}$

Note that the parameters for all three sets are states rather than configurations, as we
assume that every computation starts from a singular state. For all three sets, if the constraint
theory $CT$ is clear from the context or not important, we may omit it from the respective
identifier.

Analogously to Property 6.13, we have a hierarchy of observables:

Property 5.10 Hierarchy of Observables. For any state $S$, program $P$ and constraint
theory $CT$, we have:

$$\mathcal{S}_{P,CT}(S) \subseteq \mathcal{A}_{P,CT}(S) \subseteq \mathcal{C}_{P,CT}(S)$$

The following example illustrates our definitions:

Example 5.11. We return to the program from Example 5.4.

$bird \Leftrightarrow albatross \vee penguin$

$penguin \wedge flies \Leftrightarrow \bot$

Using $\omega_e^\vee$, we can construct the following derivation starting from the initial state
$S_0 = \langle bird \wedge flies; \emptyset \rangle$:

$[\langle bird \wedge flies; \emptyset \rangle]$
$\mapsto_\vee [\langle (albatross \vee penguin) \wedge flies; \emptyset \rangle]$
$= [\langle albatross \wedge flies; \emptyset \rangle \vee \langle penguin \wedge flies; \emptyset \rangle]$
$\mapsto_\vee [\langle albatross \wedge flies \rangle \vee \langle \bot; \emptyset \rangle]$
$= [\langle albatross \wedge flies \rangle]$

In comparison with Example 5.4, we now obtain our result with one less transition. More
importantly, our transition system consists of only one transition rule now. The equivalence
relation over configurations allows us to omit the failed state from the final configuration,
producing a more elegant representation of the answer.

With respect to the observables, we have $\mathcal{C}_P(S_0) = \{[S_0], [\langle (albatross \vee penguin) \wedge flies; \emptyset \rangle], [\langle albatross \wedge flies \rangle]\}$,
$\mathcal{A}_P(S_0) = \{[\langle albatross \wedge flies \rangle]\}$, and $\mathcal{S}_P(S_0) = \emptyset$.

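5.3 Extending the Linear-Logic Semantics to CHR$^\vee$

In this section, we develop a linear-logic semantics for CHR$^\vee$, based on the
equivalence-based operational semantics $\omega_e^\vee$.

Atomic built-in constraints:       $c_b(\bar{t})^L ::= \;!c_b(\bar{t})$
Atomic user-defined constraints:   $c_u(\bar{t})^L ::= c_u(\bar{t})$
Falsity:                           $\bot^L ::= 0$
Empty constraint/goal:             $\top^L ::= 1$
Constraints/goals:                 $(G_1 \wedge G_2)^L ::= G_1^L \otimes G_2^L$
Disjunction within goals:          $(G_1 \vee G_2)^L ::= G_1^L \oplus G_2^L$
States:                            $\langle G; V \rangle^L ::= \exists_{-V}.G^L$
Configurations:                    $(\bar{S} \vee \bar{T})^L ::= \bar{S}^L \oplus \bar{T}^L$
Empty configuration:               $\varepsilon^L ::= 0$

$$\dfrac{CT \models \exists x.B \rightarrow \exists x'.B'}{\exists x.B^L \vdash \exists x'.B'^L}$$

$$c_u(\ldots, t_j, \ldots) \otimes\, !(t_j \doteq u) \vdash c_u(\ldots, u, \ldots) \otimes\, !(t_j \doteq u)$$

$$\dfrac{(r\ @\ H_1 \setminus H_2 \Leftrightarrow G \mid B)[x/y] \in P}{H_1^L \otimes H_2^L \otimes G^L \vdash H_1^L \otimes \exists \bar{y}_r.(B^L \otimes G^L)}\;(\Sigma_P)$$

Fig. 4. The axiomatic linear-logic semantics for CHR$^\vee$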



5.3.1 Definition of the Semantics. Since pure CHR is completely contained in CHR$^\vee$
and represents a significant subset thereof, it stands to reason that the linear logic semantics
for pure CHR should be preserved for that segment. Hence, a large part of the semantics
carries directly over to CHR$^\vee$. Now consider a pure CHR program $P_1$ of the following
form:

$r_1\ @\ H \Leftrightarrow G \mid B_1$
$r_2\ @\ H \Leftrightarrow G \mid B_2$

The logical reading of this program in the encoding semantics is:

$$P_1^L = \;!\forall(H^L \multimap G^L \multimap \exists \bar{y}_1.B_1^L) \otimes\, !\forall(H^L \multimap G^L \multimap \exists \bar{y}_2.B_2^L)$$

This is logically equivalent to:

We gain the insight that don't-care non-determinism in CHR is already implicitly
mapped to additive conjunction $\&$ in linear logic.

Mapping the split connective $\vee$ to multiplicative disjunction $\oplus$ is an obvious choice,
as: (1) $\otimes$ distributes over $\oplus$, (2) absurdity - representing failed states - is neutral with
respect to $\oplus$, and (3) $\oplus$ complements $\&$, which represents committed choice. Hence we
preserve the clear distinction between the two types of non-determinism. We furthermore
adapt the translations of states and programs to the syntax of CHR$^\vee$, thus obtaining the
semantics given in Fig. 4.

5.3.2 Soundness of the Linear Logic Semantics for CHR$^\vee$. In this section, we prove
the soundness of our semantics with respect to $\omega_e^\vee$. At first, we show that configuration
equivalence implies logical judgement:

Lemma 5.12 ($\equiv_\vee \Rightarrow \dashv\vdash$). (1) For goals $G_1, G_2$ such that $G_1 \equiv_G G_2$, we have $G_1^L \dashv\vdash G_2^L$.
(2) For CHR$^\vee$ states $S_1, S_2$ and an arbitrary constraint theory $CT$ such that
$S_1 \equiv S_2$, we have $S_1^L \dashv\vdash_\Sigma S_2^L$ where $\Sigma = \Sigma_{CT}$.
(3) For configurations $\bar{S}_1, \bar{S}_2$ and an arbitrary constraint theory $CT$ such that
$\bar{S}_1 \equiv_\vee \bar{S}_2$, we have $\bar{S}_1^L \dashv\vdash_\Sigma \bar{S}_2^L$ where $\Sigma = \Sigma_{CT}$.

Proof. Lemma 5.12.1: The property holds, as $\otimes$ is associative, commutative, has the
neutral element 1 and distributes over $\oplus$. Lemma 5.12.2: Proof is analogous to Lemma 4.7.
Lemma 5.12.3: We consider the properties given in Def. 5.5 - Def. 5.5.1: For all $\alpha, \beta, \gamma$,
we have $\alpha \oplus \beta \dashv\vdash \beta \oplus \alpha$ and $(\alpha \oplus \beta) \oplus \gamma \dashv\vdash \alpha \oplus (\beta \oplus \gamma)$. Def. 5.5.2: The property follows from
Lemma 5.12.2. Def. 5.5.3: For all $\alpha$, we have $0 \oplus \alpha \dashv\vdash \alpha$. Def. 5.5.4: For all $\alpha, \beta, \gamma, V$, we
have $(\exists_{-V}.\alpha \oplus \beta) \oplus \gamma \dashv\vdash (\exists_{-V}.\alpha) \oplus (\exists_{-V}.\beta) \oplus \gamma$. □

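Theorem 4.8 states the soundness of the axiomatic linear-logic semantics for CHR$^\vee$.

Theorem 5.13 Soundness. For any CHR$^\vee$ program $P$, constraint theory $CT$ and
configurations $\bar{U}, \bar{V}$,

$$[\bar{U}] \mapsto^* [\bar{V}] \Rightarrow \bar{U}^L \vdash_\Sigma \bar{V}^L$$

where $\Sigma = \Sigma_P \cup \Sigma_{CT}$.

Proof. Let $\bar{U}, \bar{V}$ be configurations such that $\bar{U} \mapsto_r \bar{V}$. According to Def. 2.12, there
exists a variant of a rule with fresh variables $(r\ @\ H_1 \setminus H_2 \Leftrightarrow G \mid B)$ and configurations
$\bar{U}' = \langle H_1 \wedge H_2 \wedge G \wedge \mathbb{G}; V \rangle \vee \bar{T}$, $\bar{V}' = \langle B_u \wedge H_1 \wedge B_b \wedge G \wedge \mathbb{G}; V \rangle \vee \bar{T}$ such that $\bar{U}' \equiv \bar{U}$
and $\bar{V}' \equiv \bar{V}$. Consequently, $\Sigma_P$ contains:

$$H_1^L \otimes H_2^L \otimes G^L \vdash_\Sigma H_1^L \otimes \exists \bar{y}_r.(B^L \otimes G^L)$$

Analogous to the proof of Thm. 4.8, we proceed to:

$$\exists_{-V}.H_1^L \otimes H_2^L \otimes G^L \otimes \mathbb{G}^L \vdash_\Sigma \exists_{-V}.H_1^L \otimes G^L \otimes B^L \otimes \mathbb{G}^L$$

And then to:

$$(\exists_{-V}.H_1^L \otimes H_2^L \otimes G^L \otimes \mathbb{G}^L) \oplus \bar{T}^L \vdash_\Sigma (\exists_{-V}.H_1^L \otimes G^L \otimes B^L \otimes \mathbb{G}^L) \oplus \bar{T}^L$$

This corresponds to $\bar{U}'^L \vdash_\Sigma \bar{V}'^L$. Lemma 4.7 then proves that $\bar{U}^L \vdash_\Sigma \bar{V}^L$. As the judgement
relation is transitive and reflexive, the relationship can be generalized to the
reflexive-transitive closure $\bar{U} \mapsto^* \bar{V}$. □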

5.3.3 Configuration Entailment. Analogously to state entailment for pure CHR, we
define a notion of configuration entailment to characterize the discrepancy between
transitions in a CHR$^\vee$ program and judgements in its corresponding sequent calculus system
and thus to completeness of the linear-logic semantics:

Definition 5.14 Entailment of Configurations. Entailment of configurations, denoted as
$\cdot \blacktriangleright \cdot$, is the smallest reflexive-transitive relation over equivalence classes of configurations
satisfying the following conditions:

(1) Weakening: For any state $S$ and configuration $\bar{T}$:

$[\bar{T}] \blacktriangleright [S \vee \bar{T}]$

(2) Redundance of Stronger States: For any CHR$^\vee$ states $S_1, S_2, \bar{T}$ such that $S_1 \triangleright S_2$:

$[S_1 \vee S_2 \vee \bar{T}] \blacktriangleright [S_2 \vee \bar{T}]$

The following property follows from the definition:

Property 5.15 ($\triangleright \Rightarrow \blacktriangleright$). For CHR$^\vee$ states $S_1, S_2$ such that $S_1 \triangleright S_2$:

$[S_1 \vee \bar{T}] \blacktriangleright [S_2 \vee \bar{T}]$

Proof. $[S_1 \vee \bar{T}] \blacktriangleright [S_2 \vee S_1 \vee \bar{T}] = [S_1 \vee S_2 \vee \bar{T}] \blacktriangleright [S_2 \vee \bar{T}]$ □

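Lemma 5.16 corresponds to Lemma 4.12 for the case of pure CHR.

Lemma 5.16 Exchange of $\mapsto$ and $\blacktriangleright$. Let $\bar{S}, \bar{U}, \bar{T}$ be configurations. If $\bar{S} \blacktriangleright \bar{U}$ and $\bar{U} \mapsto_r \bar{T}$
then there exists a configuration $\bar{V}$ such that $\bar{S} \mapsto^* \bar{V}$ and $\bar{V} \blacktriangleright \bar{T}$.

Proof. Firstly, we consider the hypothesis with respect to the axioms of configuration
entailment (cf. Def. 5.14):

Def. 5.14.1. Assume that $[\bar{S}] \blacktriangleright [S \vee \bar{S}] \mapsto_r [\bar{T}]$. It follows that either (i) $[S] \mapsto_r [S']$
and $[\bar{T}] = [S' \vee \bar{S}]$ or (ii) $[\bar{S}] \mapsto_r [\bar{S}']$ and $[\bar{T}] = [S \vee \bar{S}']$. In case (i), we have $[\bar{V}] = [\bar{S}]$
and $[\bar{S}] \blacktriangleright [\bar{T}]$. In case (ii), we have $[\bar{V}] = [\bar{S}']$ and $[\bar{S}] \mapsto_r [\bar{S}'] \blacktriangleright [S \vee \bar{S}'] = [\bar{T}]$.

Def. 5.14.2. Assume that $[S_1 \vee S_2 \vee \bar{S}] \blacktriangleright [S_2 \vee \bar{S}] \mapsto_r [\bar{T}]$ where $[S_1] \triangleright [S_2]$. It follows
that either (i) $[S_2] \mapsto_r [S_2']$ and $[\bar{T}] = [S_2' \vee \bar{S}]$ or (ii) $[\bar{S}] \mapsto_r [\bar{S}']$ and $[\bar{T}] = [S_2 \vee \bar{S}']$. In
case (i), Lemma 4.12 proves that there exists an $S_1'$ such that $[S_1] \mapsto_r [S_1']$ and $[S_1'] \triangleright [S_2']$.
Hence, we get $[\bar{V}] = [S_1' \vee S_2' \vee \bar{S}]$ and $[S_1 \vee S_2 \vee \bar{S}] \mapsto_r [S_1' \vee S_2 \vee \bar{S}] \mapsto_r [S_1' \vee S_2' \vee \bar{S}] \blacktriangleright
[S_2' \vee \bar{S}] = [\bar{T}]$. In case (ii), we have $[\bar{V}] = [S_1 \vee S_2 \vee \bar{S}']$ and $[S_1 \vee S_2 \vee \bar{S}] \mapsto_r
[S_1 \vee S_2 \vee \bar{S}'] \blacktriangleright [S_2 \vee \bar{S}'] = [\bar{T}]$.

For the reflexive closure of these axioms, the hypothesis is true as $[\bar{S}] = [\bar{U}]$ implies
$[\bar{V}] = [\bar{T}]$. For their transitive closure, it follows by induction. Hence, the hypothesis holds
for configuration entailment in general. □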

5.3.4 Completeness of the Linear-Logic Semantics for CHR$^\vee$. Lemma 5.17 sets the
stage for the completeness theorem. Its proof is analogous to the proof of Lemma 4.17 and
will be omitted here:

Lemma 5.17. Let $\pi$ be a cut-reduced proof of a sequent $\bar{S}^L \vdash \bar{T}^L$ where $\bar{S}, \bar{T}$ are
arbitrary configurations. Any formula $\alpha$ in $\pi$ is either of the form $\alpha = \bar{S}_\alpha^L$ or of the form
$\alpha = c_b(\bar{t})$ where $\bar{S}_\alpha$ is a configuration and $c_b(\bar{t})$ is a built-in constraint.

It should be noted that the configuration $\bar{S}_\alpha$ is not necessarily unique, i.e. more than one
configuration might map to a specific formula. For example, let formula $\alpha = c_u(\bar{t}) \oplus c_u(\bar{t})$.
We then have $\langle c_u(\bar{t}) \vee c_u(\bar{t}); vars(c_u(\bar{t})) \rangle^L = (\langle c_u(\bar{t}); vars(c_u(\bar{t})) \rangle \vee \langle c_u(\bar{t}); vars(c_u(\bar{t})) \rangle)^L = \alpha$.
However, we have by Def. 5.5.4 that $\bar{S}^L = \bar{T}^L \Rightarrow \bar{S} \blacktriangleright \bar{T}$.

Theorem 5.18 Completeness of the Semantics for CHR$^\vee$. Let $\bar{S}, \bar{T}$ be configurations,
let $P$ be a program and $CT$ be a constraint theory. Then the sequent $\bar{S}^L \vdash_\Sigma \bar{T}^L$ is provable in
a sequent calculus system with proper axioms $\Sigma = \Sigma_{CT} \cup \Sigma_{\doteq} \cup \Sigma_P$ if and only if there exists
a configuration $\bar{U}$ such that $\bar{S} \mapsto^* \bar{U}$ and $\bar{U} \triangleright \bar{T}$.

Proof. To preserve clarity, we will omit the set of proper axioms from the judgement
symbol. Furthermore, $D(\bar{U}, \bar{V})$ denotes the fact that for configurations $\bar{U}, \bar{V}$, there exist
configurations $\bar{U}_1, \ldots, \bar{U}_n$ for some $n$ such that:

Entailment $\bar{U} \blacktriangleright \bar{V}$ implies $D(\bar{U}, \bar{V})$. We define •<>• as in the proof of Thm. 4.18.
Let $\pi$ be a cut-reduced proof of $\bar{S}^L \vdash \bar{T}^L$. We assume w.l.o.g. that all existentially
quantified variables in the antecedent of a sequent in $\pi$ are renamed apart. We define $\eta$ as
an extension of the completion function from the proof of Thm. 4.18 to configurations:

$\eta(\bar{S}^L) ::= \bar{S}^L$
$\eta(c_b(\bar{t})) ::= \;!c_b(\bar{t})$
$\eta(\Gamma \vdash \alpha) ::= \eta(\Gamma) \vdash \eta(\alpha)$ for non-empty $\Gamma$
$\eta(\vdash \alpha) ::= 1 \vdash \eta(\alpha)$

From Lemma 5.17 follows that for every sequent $\Gamma \vdash \alpha$ in $\pi$, we have $\eta(\Gamma \vdash \alpha) = \bar{U}^L \vdash \bar{V}^L$
for some configurations $\bar{U}, \bar{V}$. We show by induction over the depth of $\pi$ that for every such
$\bar{U}^L \vdash \bar{V}^L$, we have $D(\bar{U}, \bar{V})$.

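Base case: In case the proof of $\bar{S}^L \vdash \bar{T}^L$ consists in a leaf, it is an instance of (Identity),
(L0), (R1), or a proper axiom $(\Gamma \vdash \alpha) \in (\Sigma_{\doteq} \cup \Sigma_{CT} \cup \Sigma_P)$. We apply the same arguments as
in the proof of Thm. 4.18.

Induction step: As $\pi$ is cut-reduced, the final inference rule either has to be one of (Cut),
(L$\otimes$), (R$\otimes$), (L1), (Weakening), (Dereliction), (Contraction), (R!), (L$\exists$) and (R$\exists$), or one
of (L$\oplus$), (R$\oplus_1$), and (R$\oplus_2$). In the former case, we can follow the same arguments as in the
proof of Thm. 4.18. In the following, we consider (L$\oplus$), (R$\oplus_1$) and (R$\oplus_2$).

-(L$\oplus$):

$$\dfrac{\Gamma, \alpha \vdash \gamma \qquad \Gamma, \beta \vdash \gamma}{\Gamma, \alpha \oplus \beta \vdash \gamma}\,(L\oplus)$$

Let $G_\alpha, G_\beta$ be goals, let $S_\Gamma = \langle G; V \rangle$ be a state and let $\bar{S}_\gamma$ be a configuration such that
$G_\alpha^L = \eta(\alpha)$, $G_\beta^L = \eta(\beta)$, $S_\Gamma^L = \eta(\Gamma)$ and $\bar{S}_\gamma^L = \eta(\gamma)$. Let furthermore $y_\alpha = vars(G_\alpha)$
and $y_\beta = vars(G_\beta)$. Hence, $\eta(\Gamma, \alpha) = \langle G \wedge G_\alpha; V \cup y_\alpha \rangle^L$, $\eta(\Gamma, \beta) = \langle G \wedge G_\beta; V \cup y_\beta \rangle^L$,
and $\eta(\Gamma, \alpha \oplus \beta) = \langle G \wedge (G_\alpha \vee G_\beta); V \cup y_\alpha \cup y_\beta \rangle^L$. The induction hypothesis gives us
$D(\langle G \wedge G_\alpha; V \cup y_\alpha \rangle, \bar{S}_\gamma)$ and $D(\langle G \wedge G_\beta; V \cup y_\beta \rangle, \bar{S}_\gamma)$. By Def. 5.5.4 we have that
$\eta(\Gamma, \alpha \oplus \beta) = (\langle G \wedge G_\alpha; V \cup y_\alpha \rangle \vee \langle G \wedge G_\beta; V \cup y_\beta \rangle)^L$. Finally by Lemma 5.16, we get
$D(\langle G \wedge (G_\alpha \vee G_\beta); V \cup y_\alpha \cup y_\beta \rangle, \bar{S}_\gamma)$.

-(R$\oplus_1$), (R$\oplus_2$):

$$\dfrac{\Gamma \vdash \alpha}{\Gamma \vdash \alpha \oplus \beta}\,(R\oplus_1) \qquad \dfrac{\Gamma \vdash \beta}{\Gamma \vdash \alpha \oplus \beta}\,(R\oplus_2)$$

We consider (R$\oplus_1$): By the subformula property, there exist configurations $\bar{S}_\Gamma, \bar{S}_\alpha, \bar{S}_\beta$
such that $\bar{S}_\Gamma^L = \eta(\Gamma)$, $\bar{S}_\alpha^L = \eta(\alpha)$, and $\bar{S}_\beta^L = \eta(\beta)$. By the induction hypothesis, we have
$D(\bar{S}_\Gamma, \bar{S}_\alpha)$. By Def. 5.14.1, we have $\bar{S}_\alpha \blacktriangleright (\bar{S}_\alpha \vee \bar{S}_\beta)$ and therefore $D(\bar{S}_\Gamma, \bar{S}_\alpha \vee \bar{S}_\beta)$. (The
proof for (R$\oplus_2$) works analogously.)

Finally, we have $D(\bar{S}, \bar{T})$, i.e. there exist configurations $\bar{S}_1, \ldots, \bar{S}_n$ such that:

$$\bar{S} \mapsto^* \bar{S}_1 \ldots \mapsto^* \bar{S}_n \triangleright \bar{T}$$

It follows that for $\bar{U} = \bar{S}_n$, we have $\bar{S} \mapsto^* \bar{U}$ and $\bar{U} \triangleright \bar{T}$. □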

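Lemma 5.19 ($\blacktriangleright \Leftrightarrow \vdash$). For configurations $\bar{S}, \bar{T}$, we have $[\bar{S}] \blacktriangleright [\bar{T}]$ if and only if $\bar{S}^L \vdash_\Sigma \bar{T}^L$
where $\Sigma = \Sigma_{CT} \cup \Sigma_{\doteq}$.

Rules:      $(H_1 \setminus H_2 \Leftrightarrow G \mid B)^L ::= \;!\forall(H_1^L \otimes H_2^L \otimes G^L \multimap H_1^L \otimes \exists \bar{y}_r.(B^L \otimes G^L))$
Programs:   $\{R_1, \ldots, R_n\}^L ::= \{R_1^L, \ldots, R_n^L\}$

Fig. 5. The linear-logic encoding semantics for CHR

Proof. ('$\Leftarrow$') Follows from Thm. 5.18 by assuming an empty program $P = \emptyset$.
('$\Rightarrow$') We consider the axioms for configuration entailment in Def. 5.14: W.r.t. axiom (1),
$[\bar{T}] \blacktriangleright [S \vee \bar{T}]$ implies $\bar{T}^L \vdash (S \vee \bar{T})^L$ since $\beta \vdash \alpha \oplus \beta$. For Def. 5.14.2, $[S_1] \triangleright [S_2]$
implies $S_1^L \vdash_\Sigma S_2^L$ by Lemma 4.7. From a proof of $S_1^L \vdash_\Sigma S_2^L$, we can construct a proof of
$S_1^L \oplus S_2^L \oplus \bar{T}^L \vdash_\Sigma S_2^L \oplus \bar{T}^L$. As $\vdash_\Sigma$ is furthermore reflexive and transitive, the hypothesis is
reduced to Lemma 5.12. □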

Analogously to the encoding semantics for pure CHR, we define an encoding semantics
for CHR$^\vee$. The translation of states and configurations is unchanged from the axiomatic
semantics. The translation of constraint theories is the same as in the encoding semantics
for pure CHR. The translation of rules and programs is updated to the syntax of CHR$^\vee$ as
shown in Fig. 5.

The soundness and completeness of the encoding semantics is proven analogously to
Theorem 5.18:

Theorem 5.20 Soundness and Completeness of the Encoding Semantics. Let $\bar{S}, \bar{T}$ be
configurations. There exists a configuration $\bar{U}$ such that

$$\bar{S} \mapsto^* \bar{U} \text{ and } \bar{U} \triangleright \bar{T}$$

in a program $P$ and a constraint theory $CT$ if and only if

$$P^L, CT^L \vdash \forall(\bar{S}^L \multimap \bar{T}^L)$$

As the encoding semantics is logically equivalent to the one proposed in Betz [2007],
Theorem 5.20 also proves the equivalence of the axiomatic linear-logic semantics with that
earlier semantics.

5.4 Congruence and Analyticness

The operational semantics $\omega_e$ for pure CHR features the pleasant property that state
equivalence coincides with mutual entailment of states (cf. Corollary 4.11). In this section, we
show that the property of mutual configuration entailment, henceforth called congruence
of configurations, does not in general coincide with configuration equivalence.

To overcome this limitation, we introduce a well-behavedness property on configurations
- compactness - and one on CHR$^\vee$ programs - analyticness - which guarantee that
congruence coincides with equivalence.

Definition 5.21 Congruence of Configurations. Given a constraint theory $CT$, two
configurations $\bar{S}, \bar{T}$ are considered congruent if $\bar{S} \blacktriangleright \bar{T}$ and $\bar{T} \blacktriangleright \bar{S}$. Congruence of $\bar{S}$ and $\bar{T}$ is
denoted as $\bar{S} \blacktriangleleft\!\blacktriangleright \bar{T}$.

Congruence of configurations does not generally comply with rule applications as the
following example shows.

Example 5.22 Non-Compliance with Rule Application. By compliance, we mean the
property that for arbitrary configurations $\bar{S}, \bar{S}', \bar{T}$ such that $\bar{S} \equiv_\vee \bar{S}'$ and $\bar{S} \mapsto^* \bar{T}$, there
exists a $\bar{T}'$ such that $\bar{S}' \mapsto \bar{T}'$ and $\bar{T}' \equiv_\vee \bar{T}$.

Let $\bar{S} = \langle c_u(X) \rangle$ and $\bar{T} = \langle c_u(0) \rangle \vee \langle c_u(X) \rangle$ be configurations. As $\langle c_u(0) \rangle \triangleright \langle c_u(X) \rangle$, we
have congruence: $\bar{S} \blacktriangleleft\!\blacktriangleright \bar{T}$. Now consider the following minimal CHR program:

$r\ @\ c_u(0) \Leftrightarrow d_u(0)$

We observe that we have $\bar{T} \mapsto_r \langle d_u(0) \rangle \vee \langle c_u(X) \rangle$ whereas $\bar{S}$ is an answer configuration, i.e.
it does not allow any further transition. We thus observe that congruence of configurations
is not in general compliant with rule application.

However, we can make a somewhat weaker statement about the relationship between
congruence and rule application:

Property 5.23 Weak Compliance with Rule Application. Let $\bar{S}, \bar{S}', \bar{T}$ be
configurations such that $\bar{S} \blacktriangleleft\!\blacktriangleright \bar{S}'$. Then $\bar{S} \mapsto^* \bar{T}$ implies that there exists a $\bar{T}'$ such that $\bar{S}' \mapsto^* \bar{T}'$ and
$\bar{T}' \blacktriangleright \bar{T}$.

Proof. $\bar{S} \blacktriangleleft\!\blacktriangleright \bar{S}'$ implies $\bar{S}' \blacktriangleright \bar{S}$. Furthermore, we have $\bar{S} \mapsto^* \bar{T}$. Hence, Lemma 5.16
proves $\bar{S}' \mapsto^* \bar{T}'$ and $\bar{T}' \blacktriangleright \bar{T}$. □

As the congruence relation does not strongly comply with rule application, it is not
appropriate as a general equivalence relation over configurations. On the other hand, from
Lemma 5.19 follows that congruence of configurations coincides with logical equivalence
over the respective linear-logic readings:

Property 5.24. For arbitrary configurations $\bar{S}, \bar{T}$, we have $\bar{S} \blacktriangleleft\!\blacktriangleright \bar{T} \Leftrightarrow \bar{S}^L \dashv\vdash \bar{T}^L$.

Hence, any reasoning over CHR$^\vee$ via the linear-logic semantics is necessarily modulo
congruence. In order to allow precise logical reasoning over CHR$^\vee$, we identify a
segment of CHR$^\vee$ where congruence and equivalence of configurations coincide. Firstly, we
introduce the notion of compactness:

Definition 5.25 Compactness. A configuration $\bar{S}$ is called compact if it does not have a
representation $\bar{S}' \equiv_\vee \bar{S}$ of the form $\bar{S}' = S_1 \vee S_2 \vee \bar{S}''$ where $S_1, S_2$ are flat states such
that $S_1 \not\equiv S_\bot$ and $S_1 \triangleright S_2$.

We extend the compactness property to equivalence classes of configurations in the
obvious manner. The following lemma states that compactness guarantees that congruence
and equivalence coincide.

Lemma 5.26. Let $\bar{S}, \bar{T}$ be compact configurations such that $\bar{S} \blacktriangleleft\!\blacktriangleright \bar{T}$. Then $\bar{S} \equiv_\vee \bar{T}$.

Proof. Considering Def. 5.5, we observe that every configuration $\bar{S}$ has a representation
of the form $\bar{S} \equiv_\vee S_1 \vee \ldots \vee S_n$, where $S_i = \langle U_i \wedge B_i; V_i \rangle$ for $i \in \{1, \ldots, n\}$. By Def. 5.14,
any two configurations $\bar{S}, \bar{T}$ where $\bar{S} \blacktriangleright \bar{T}$ have representations $\bar{S} \equiv_\vee S_1 \vee \ldots \vee S_n$, $\bar{T} \equiv_\vee
T_1 \vee \ldots \vee T_m$ such that for every $S_i$ where $S_i \not\equiv S_\bot$, there exists a $T_j$ such that
$S_i \triangleright T_j$.

As $\bar{S} \blacktriangleleft\!\blacktriangleright \bar{T}$, we have representations $\bar{S} \equiv_\vee S_1 \vee \ldots \vee S_n$, $\bar{T} \equiv_\vee T_1 \vee \ldots \vee T_m$ such that
for every consistent $S_i$ we have a $T_j$ such that $S_i \triangleright T_j$, and for every consistent $T_j$ there
is an $S_i$ such that $T_j \triangleright S_i$. It follows that for every consistent $S_i$, we have $T_j, S_k$ such that
$S_i \triangleright T_j \triangleright S_k$. As $\bar{S}$ is compact, $S_i \triangleright S_k$ implies $S_i \equiv S_k$ and furthermore $S_i \equiv T_j$. As $\bar{T}$ is
compact, there is exactly one $T_j$ such that $S_i \equiv T_j$.

Since every consistent $S_i$ has a unique corresponding state $T_j$ with $S_i \equiv T_j$ and vice
versa, Def. 5.5 implies that $\bar{S} \equiv_\vee \bar{T}$. □

We furthermore introduce a well-behavedness property for CHR$^\vee$ programs which
guarantees compactness of derived configurations by assuring that disjoint member states of a
configuration have contradicting built-in states. It appears that a large number of practical
CHR$^\vee$ programs satisfy this property.

Definition 5.27 Analytic Program. A CHR$^\vee$ program is called analytic if for any flat
state $S$ and configuration $\bar{T}$ where $[S] \mapsto^* [\bar{T}]$, we have that $\bar{T}$ is compact.

We give a sufficient (although not necessary) criterion for analyticness of CHR$^\vee$
programs:

Lemma 5.28 Criterion for Analyticness. Let $P$ be a CHR$^\vee$ program consisting of rules
$R_1, \ldots, R_n$. Assume that every rule $R_i$ is of the form $r\ @\ H_1 \setminus H_2 \Leftrightarrow G \mid (U_1 \wedge B_1) \vee \ldots \vee
(U_m \wedge B_m)$ such that $CT \not\models \exists(B_i \wedge B_j)$ for every $i, j \in \{1, \ldots, n\}$. Then $P$ is analytic.

Proof. We assume a single rule application $S \mapsto_r \bar{T}$ where the applied rule is of the
form $R_i = r\ @\ H_1 \setminus H_2 \Leftrightarrow G \mid (U_1 \wedge B_1) \vee \ldots \vee (U_m \wedge B_m)$ such that $CT \not\models \exists(B_i \wedge B_j)$ for
$i, j \in \{1, \ldots, n\}$.

It follows that for every $T_1 = \langle U_1; B_1; V_1 \rangle$, $T_2 = \langle U_2; B_2; V_2 \rangle$ such that $\bar{T} = T_1 \vee T_2 \vee \bar{T}'$,
we have $CT \not\models \exists(B_1 \wedge B_2)$. It follows by Lemma 4.10 that $T_1 \not\triangleright T_2$.

As the built-in store grows monotonically stronger, correctness for the transitive closure
of $\mapsto^*$ follows by induction. For the reflexive closure it follows from the fact that the state $S$
is trivially a compact configuration. □

6. APPLICATION 

In this section, we outline how our results can be applied to reason over programs and their 
respective observables. We separate it into two broad application domains: In Section 6.1, 
we discuss the relationship between the linear-logic semantics and program observables. 
In Section 6.2, we show how we can compare the operational semantics of programs by 
means of their linear-logic semantics. 

6.1 Reasoning About Observables 

In this section, we show how to apply our results to reason about observables in both pure
CHR and CHR$^\vee$. We will first discuss pure CHR in detail and then show how the results
are generalized to CHR$^\vee$.

6.1.1 Reasoning About Observables in Pure CHR. We define two sets of observables
based on the linear logic semantics, paralleling the observable sets of computable states
and data-sufficient answers.

Definition 6.1. Let $P$ be a pure CHR program, $CT$ a constraint theory, and $S$ an initial
state. Assuming that $\Sigma = \Sigma_P \cup \Sigma_{CT} \cup \Sigma_{\doteq}$, we distinguish two sets of observables based on
the linear logic semantics:

$$\mathcal{L}^{\mathcal{C}}_{P,CT}(S) ::= \{[T] \mid P^L, CT^L, S^L \vdash_\Sigma T^L\}$$

$$\mathcal{L}^{\mathcal{S}}_{P,CT}(S) ::= \{[\langle \top; B; V \rangle] \mid P^L, CT^L, S^L \vdash_\Sigma \langle \top; B; V \rangle^L\}$$

If the constraint theory $CT$ is clear from the context or not important, we write the sets
as $\mathcal{L}^{\mathcal{C}}_P(S)$, $\mathcal{L}^{\mathcal{S}}_P(S)$.

The following definition and property establish the relationship between the logical
observables $\mathcal{L}^{\mathcal{C}}_P$ and $\mathcal{L}^{\mathcal{S}}_P$ and the operational observables $\mathcal{C}_P$ and $\mathcal{S}_P$.

Definition 6.2 Lower Closure of $\triangleright$. For any set $\mathbb{S}$ of equivalence classes of CHR states,

$$\triangledown\mathbb{S} ::= \{[T] \mid \exists S \in \mathbb{S}.[S] \triangleright [T]\}$$

The following property follows directly from Theorem 4.24:

Property 6.3 Relationship Between Observables. For a pure CHR program $P$, a
constraint theory $CT$, and an initial state $S$, we have:

$$\mathcal{L}^{\mathcal{C}}_{P,CT}(S) = \triangledown\mathcal{C}_{P,CT}(S)$$

$$\mathcal{L}^{\mathcal{S}}_{P,CT}(S) = \triangledown\mathcal{S}_{P,CT}(S)$$

From this relationship follow several properties that we can use to reason about the
operational semantics. Firstly, in order to prove that a state $S$ cannot develop into a failed
state, it suffices to show that there exists any state $T$, such that $[T]$ is not contained in $\mathcal{L}^{\mathcal{C}}(S)$:

Property 6.4 Exclusion of Failure. Under a program $P$, a constraint theory $CT$, and
a CHR state $S$, if there exists a state $T$ such that $T \notin \mathcal{L}^{\mathcal{C}}_{P,CT}(S)$ then $S_\bot \notin \mathcal{C}_{P,CT}(S)$.
Secondly, we can guarantee data-sufficient answers for a state $S$, if we can prove the
empty resource 1 in linear logic:

Property 6.5 Assuring Data-Sufficient Answers. (1) Under a program $P$, a
constraint theory $CT$, and a CHR state $S$, if $\langle \top; \top; \emptyset \rangle \in \mathcal{L}^{\mathcal{S}}_{P,CT}(S)$ then $S$ has at least one
data-sufficient answer.

(2) If $P$ is furthermore confluent, $S$ has exactly one data-sufficient answer.

Proof sketch. The first property follows from the fact that for any data-sufficient state
$\langle \top; B; V \rangle$, we have $\langle \top; B; V \rangle \triangleright \langle \top; \top; \emptyset \rangle$. The second property follows from Prop. 2.16. □

Finally, if a specific state does not follow in linear logic, it is guaranteed not to follow in
the operational semantics:

Property 6.6 Safety Properties. For a program $P$, a constraint theory $CT$, and any
two CHR states $S, T$, if $S' \notin \mathcal{L}^{\mathcal{C}}_{P,CT}(S)$ then $S' \notin \mathcal{C}_{P,CT}(S)$.

Example 6.7. This example shows how to exploit the completeness of our semantics to
prove safety properties for CHR programs. By safety property, we mean a problem of
non-existence of a derivation between two CHR states. The general form of a safety property
is $[T] \notin \mathcal{C}_P(S)$.

We implement the n-Dining-Philosophers Problem for an arbitrary number of philosophers 
and we show using the phase semantics that the program can never reach a state in 
which any two philosophers directly neighboring each other are eating at the same time. 

We assume that CT includes the constraint theory for natural numbers. 

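$fork(x) \wedge fork(y) \Leftrightarrow y = x + 1 \bmod n \mid eat(x)$ 

$eat(x) \Leftrightarrow y = x + 1 \bmod n \mid fork(x) \wedge fork(y)$ 

$putfork(0) \Leftrightarrow \top$ 

$putfork(n) \Leftrightarrow n \geq 1 \mid n_1 = n - 1 \wedge fork(n_1) \wedge putfork(n_1)$ 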
We want to prove that two philosophers (among n philosophers) which are seated side by 
side cannot be eating at the same time. This can be formalized by the following safety 
property (we naturally assume there are at least two philosophers): 

$\forall n, i.\ [\langle eat(i) \wedge eat(j);\ j = i + 1 \bmod n;\ \emptyset \rangle] \notin \mathcal{L}^{\mathcal{C}}_P(\langle putfork(n); \top; \emptyset \rangle)$ 

Showing that a certain state is not included in $\mathcal{L}^{\mathcal{C}}_P(S)$, or, more generally, that a certain 
linear-logic judgement is not valid is in general not trivial. Having an automated theorem 
prover try all possible inference rules exhaustively is an option. In [Haemmerle and Betz 
2008], a method to prove safety properties using the phase semantics of linear logic has 
been proposed. At this point, it shall suffice to state that we can show: 

$P^L, CT^L \nvdash \exists n, i.(putfork(n) \multimap eat(i) \otimes eat(j) \otimes\, !(j = i + 1))$ 

This proves that no two philosophers seated side by side can be eating at the same time. 
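
A bounded operational cross-check of this safety property, as an added example that is not part of the original article: the Python code below explores every state the program can reach from putfork(n) and searches for neighbouring philosophers eating at once. It assumes that the n in "mod n" is the n of the initial putfork(n) and reads the guard of the last rule as n >= 1; the function names are hypothetical, and an exhaustive search for small n complements the phase-semantics argument (which covers all n) rather than replacing it.

```python
from collections import Counter

def successors(state, n):
    """All states one rule application away; a state is a sorted tuple of (name, arg)."""
    store = Counter(state)

    def rewrite(removed, added):
        return tuple(sorted((store - Counter(removed) + Counter(added)).elements()))

    for name, x in set(state):
        if name == "putfork" and x == 0:      # putfork(0) <=> true
            yield rewrite([(name, x)], [])
        elif name == "putfork" and x >= 1:    # putfork(m) <=> m >= 1 | fork(m-1), putfork(m-1)
            yield rewrite([(name, x)], [("fork", x - 1), ("putfork", x - 1)])
        elif name == "eat":                   # eat(x) <=> fork(x), fork(x+1 mod n)
            yield rewrite([(name, x)], [("fork", x), ("fork", (x + 1) % n)])
        elif name == "fork":                  # fork(x), fork(y) <=> y = x+1 mod n | eat(x)
            heads = [("fork", x), ("fork", (x + 1) % n)]
            if not Counter(heads) - store:    # both head constraints are in the store
                yield rewrite(heads, [("eat", x)])

def reachable(n):
    """Exhaustively explore the finite state space from the initial store putfork(n)."""
    start = (("putfork", n),)
    seen, todo = {start}, [start]
    while todo:
        for nxt in successors(todo.pop(), n):
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return seen

def violations(n):
    """Reachable states in which two neighbouring philosophers eat at once (n >= 2)."""
    bad = []
    for state in reachable(n):
        eating = {x for name, x in state if name == "eat"}
        if any((i + 1) % n in eating for i in eating):
            bad.append(state)
    return bad

if __name__ == "__main__":
    for n in range(2, 7):
        print(n, len(reachable(n)), violations(n))
```

Non-adjacent philosophers can still eat concurrently (eat(0) and eat(2) for n = 4), so the empty violation list is not vacuous.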

6.1.2 Generalization to CHR$^\vee$. As for pure CHR, we define two sets of linear logic 
observables, paralleling the sets of computable configurations and data-sufficient answer 
configurations. 

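Definition 6.8. Given a CHR$^\vee$ program P, a constraint theory CT, and an initial state 
S, we distinguish two sets of observables based on the linear logic semantics: 

$\mathcal{L}^{\mathcal{C}}_{P,CT}(S) ::= \{[\bar{T}] \mid P^L, CT^L, S^L \vdash \bar{T}^L\}$ 

$\mathcal{L}^{\mathcal{S}}_{P,CT}(S) ::= \{[\langle \top; B_1; V_1 \rangle \vee \ldots \vee \langle \top; B_n; V_n \rangle] \mid P^L, CT^L, S^L \vdash (\langle \top; B_1; V_1 \rangle \vee \ldots \vee \langle \top; B_n; V_n \rangle)^L\}$ 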

The relationship between the logical observables and the operational observables is parallel 
to pure CHR, though generalized to the lower closure of configuration entailment: 

Definition 6.9 Lower Closure of $\blacktriangleright$. For any set $\mathbb{S}$ of equivalence classes of CHR states, 

$\blacktriangledown\mathbb{S} ::= \{[T] \mid \exists S \in \mathbb{S}.\,[S] \blacktriangleright [T]\}$ 

By Theorem 5.20, we then have: 

Property 6.10 Relationship Between Observables. For a CHR$^\vee$ program P, a constraint 
theory CT, and an initial state S, we have: 

$\mathcal{L}^{\mathcal{C}}_{P,CT}(S) = \blacktriangledown\mathcal{C}_{P,CT}(S)$ 

$\mathcal{L}^{\mathcal{S}}_{P,CT}(S) = \blacktriangledown\mathcal{S}_{P,CT}(S)$ 

Furthermore, each of Property 6.4, Property 6.5, and Property 6.6 has its obvious 
counterpart in CHR$^\vee$. 

6.2 Comparison of Programs 

In this section, we put special emphasis on the comparison of CHR and CHR$^\vee$ programs 
across programming paradigms. Hence, we will not treat pure CHR in an isolated manner 
but as a subset of CHR$^\vee$. Note also that we use the encoding rather than the axiomatic 
formulation of our semantics in this section. 

We define three notions of operational equivalence, each one corresponding to one set 
of observables as introduced in Section 2.2. 
Definition 6.11 Operational Equivalence. (1) Two CHR$^\vee$ programs $P_1, P_2$ are operationally 
$\mathcal{S}$-equivalent under a given constraint theory CT if for any state S, we have 

$\mathcal{S}_{P_1,CT}(S) = \mathcal{S}_{P_2,CT}(S)$. 

(2) Two CHR programs $P_1, P_2$ are operationally $\mathcal{A}$-equivalent under a given constraint 
theory CT if for any state S, we have $\mathcal{A}_{P_1,CT}(S) = \mathcal{A}_{P_2,CT}(S)$. 

(3) Two CHR$^\vee$ programs $P_1, P_2$ are operationally $\mathcal{C}$-equivalent under a given constraint 
theory CT if for any state S, we have $\mathcal{C}_{P_1,CT}(S) = \mathcal{C}_{P_2,CT}(S)$. 

We will mainly focus on $\mathcal{C}$-equivalence and $\mathcal{S}$-equivalence. What we call $\mathcal{A}$-equivalence 
has been researched extensively in the past (cf. Abdennadher et al. [1999]). This section 
shows that the linear-logic semantics is not adequate to reason about $\mathcal{A}$-equivalence. 

Definition 6.12 Logical Equivalence of Programs. Two CHR programs $P_1, P_2$ are 
called logically equivalent under a given constraint theory CT if 
$CT^L \vdash \bigotimes P_1^L \multimapboth \bigotimes P_2^L$, 
where the unary operator $\bigotimes$ stands for element-wise multiplicative conjunction and 
$\bigotimes P_1^L \multimapboth \bigotimes P_2^L$ is shorthand for 
$(\bigotimes P_1^L \multimap \bigotimes P_2^L) \,\&\, (\bigotimes P_2^L \multimap \bigotimes P_1^L)$. 

The following proposition relates $\mathcal{C}$- and $\mathcal{S}$-equivalence. 

Proposition 6.13. Operational $\mathcal{S}$-equivalence is a necessary but not a sufficient 
condition for $\mathcal{C}$-equivalence. 

Proof. To show that $\mathcal{S}$-equivalence is a necessary condition, we assume two 
$\mathcal{C}$-equivalent programs $P_1, P_2$. For every state S, we have $\mathcal{C}_{P_1}(S) = \mathcal{C}_{P_2}(S)$. 
As each $\mathcal{S}_{P_i}$ is the projection of $\mathcal{C}_{P_i}(S)$ to configurations with empty 
user-defined stores, we also have 

$\mathcal{S}_{P_1}(S) = \mathcal{S}_{P_2}(S)$. 

To show that $\mathcal{S}$-equivalence is not a sufficient condition, consider the following two 
programs: 

$P_1 = \{\ a(x) \Leftrightarrow b(x),\quad b(x) \Leftrightarrow x = 0\ \}$ 

$P_2 = \{\ a(x) \Leftrightarrow x = 0,\quad b(x) \Leftrightarrow x = 0\ \}$ 

Both programs ultimately map every a(x) and b(x) to x = 0. Hence, they are $\mathcal{S}$-equivalent. 
For $S = \langle a(x); \emptyset \rangle$ and $T = \langle b(x); \emptyset \rangle$ we have 
$[T] \in \mathcal{C}_{P_1}(S)$ but $[T] \notin \mathcal{C}_{P_2}(S)$. Hence, the 
programs are not $\mathcal{C}$-equivalent. □ 

We can show that operational $\mathcal{C}$-equivalence implies logical equivalence of programs: 

Proposition 6.14. Let $P_1, P_2$ be two $\mathcal{C}$-equivalent CHR$^\vee$ programs under CT. Then 
$CT^L \vdash \bigotimes P_1^L \multimapboth \bigotimes P_2^L$. 

Proof. Since $P_1$ and $P_2$ are $\mathcal{C}$-equivalent, we have that $\mathcal{C}_{P_1}(S) = \mathcal{C}_{P_2}(S)$ for all S. 
For every rule $R = (r\ @\ H_1 \setminus H_2 \Leftrightarrow G \mid B) \in P_2$, we have by Def. 5.7: 
$[\langle H_1 \wedge B \wedge G; \bar{x} \rangle] \in \mathcal{C}_{P_2}(\langle H_1 \wedge H_2 \wedge G; \bar{x} \rangle)$ 
where $\bar{x} = vars(H_1 \wedge H_2 \wedge G)$ and then by our hypothesis 
$[\langle H_1 \wedge B \wedge G; \bar{x} \rangle] \in \mathcal{C}_{P_1}(\langle H_1 \wedge H_2 \wedge G; \bar{x} \rangle)$. 
Therefore, we get $CT^L \vdash \bigotimes P_1^L \multimap R^L$. 
Applying this to all rules $R \in P_2$, we show $CT^L \vdash \bigotimes P_1^L \multimap \bigotimes P_2^L$. Analogously, we get 
$CT^L \vdash \bigotimes P_2^L \multimap \bigotimes P_1^L$. □ 

The reverse direction does not hold in general as the following example shows: 
Example 6.15. Let the constraint theory CT contain at least the theory of natural numbers. 
Compare the following two programs: 

$P_1 = \{\ c(x) \Leftrightarrow x \geq 1\ \}$ 

$P_2 = \{\ c(x) \Leftrightarrow \top,\quad c(x) \Leftrightarrow x \geq 1\ \}$ 

The greater-or-equal constraint $\geq$ is a built-in constraint. Hence, it is translated as 
$(x \geq 1)^L = {!}(x \geq 1)$. As $!(x \geq 1) \vdash 1$, we have $P_1^L \dashv\vdash_\Sigma \bigotimes P_2^L$. 
We observe that $\mathcal{S}_{P_1}(\langle c(x); x \rangle) = \{\langle x \geq 1; x \rangle\}$ and 
$\mathcal{S}_{P_2}(\langle c(x); x \rangle) = \{\langle x \geq 1; x \rangle, \langle \top; x \rangle\}$. 
As the sets are not equal, $P_1$ and $P_2$ are not operationally $\mathcal{S}$-equivalent and hence, 
by Prop. 6.13, not $\mathcal{C}$-equivalent. 

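However, if we restrict ourselves to analytic, confluent programs, we can show that 
logical equivalence of programs implies operational $\mathcal{S}$-equivalence: 

Proposition 6.16. Let $P_1, P_2$ be two analytic confluent CHR$^\vee$ programs such that 
$CT^L \vdash \bigotimes P_1^L \multimapboth \bigotimes P_2^L$. Then $P_1, P_2$ are $\mathcal{S}$-equivalent. 

Proof. As both $P_1$ and $P_2$ are confluent, we have $|\mathcal{S}_{P_i,CT}(S)| \in \{0, 1\}$ for any state S 
and $i \in \{1, 2\}$, where $|\cdot|$ denotes cardinality. If $|\mathcal{S}_{P_i,CT}(S)| = 0$ then 
$|\blacktriangledown\mathcal{S}_{P_i,CT}(S)| = 0$. Otherwise, $|\blacktriangledown\mathcal{S}_{P_i,CT}(S)| \geq 1$. 
In the former case, our proposition is trivially true since $\mathcal{S}_{P_i,CT} = \emptyset$. 
In the following, we assume $|\mathcal{S}_{P_i,CT}| = 1$. 

Logical equivalence implies that $\mathcal{L}^{\mathcal{C}}_{P_1,CT}(S) = \mathcal{L}^{\mathcal{C}}_{P_2,CT}(S)$ for all S. 
Since $\mathcal{L}^{\mathcal{S}}$ is the projection of $\mathcal{L}^{\mathcal{C}}$ to configurations with empty 
user-defined stores, we also have $\mathcal{L}^{\mathcal{S}}_{P_1,CT}(S) = \mathcal{L}^{\mathcal{S}}_{P_2,CT}(S)$ 
and hence $\blacktriangledown\mathcal{S}_{P_1,CT}(S) = \blacktriangledown\mathcal{S}_{P_2,CT}(S)$. 

Since $|\mathcal{S}_{P_i,CT}(S)| = 1$ for $i \in \{1, 2\}$, each lower closure $\blacktriangledown\mathcal{S}_{P_i,CT}(S)$ has a maximum 
$[M_i] \in \blacktriangledown\mathcal{S}_{P_i,CT}(S)$ such that $\forall [S] \in \blacktriangledown\mathcal{S}_{P_i,CT}(S).\ [M_i] \blacktriangleright [S]$ 
and $\mathcal{S}_{P_i,CT}(S) = \{[M_i]\}$. As $\blacktriangledown\mathcal{S}_{P_1,CT}(S) = \blacktriangledown\mathcal{S}_{P_2,CT}(S)$, 
we have $M_1 \blacktriangleleft\blacktriangleright M_2$. As both programs are analytic, we furthermore 
have that $M_1, M_2$ are compact. Hence, we have $M_1 \equiv_\vee M_2$ and therefore: 
$\mathcal{S}_{P_1,CT}(S) = \mathcal{S}_{P_2,CT}(S)$. □ 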

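The following example shows that logical equivalence does not imply operational 
$\mathcal{A}$-equivalence: 

Example 6.17. We consider the program $P = \{c(x) \Leftrightarrow c(x)\}$ and the empty program 
$P_\emptyset = \emptyset$: 

As the logical reading $P^L = {!}\forall(c(x) \multimap c(x))$ of P is a logical tautology, it follows that 
$P^L \dashv\vdash_\Sigma P_\emptyset^L$ for any $\Sigma$. Yet, for $S = \langle c(x); \top; \emptyset \rangle$, we have 
$\mathcal{A}_P(S) = \emptyset$ whereas $\mathcal{A}_{P_\emptyset}(S) = \{[S]\}$. 
Therefore $\mathcal{A}_P(S) \neq \mathcal{A}_{P_\emptyset}(S)$. 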

The following final example shows how we can apply the linear-logic semantics to com- 
pare programs across programming paradigms. 

Example 6.18. We begin with the following classic Prolog program which implements 
a ternary append predicate for lists, where the third argument is the concatenation of the 
first two: 

$append(x, y, z) \leftarrow x = [\,] \wedge y = z$ 

$append(x, y, z) \leftarrow x = [h|l_1] \wedge z = [h|l_2] \wedge append(l_1, y, l_2)$ 

We can embed this program into CHR$^\vee$ by explicitly stating the don't-know 
non-determinism using the $\vee$ operator. 

$P_1 = \{\ append(x, y, z) \Leftrightarrow (x = [\,] \wedge y = z) \vee (x = [h|l_1] \wedge z = [h|l_2] \wedge append(l_1, y, l_2))\ \}$ 

The linear-logic reading of the embedded program looks as follows: 

$P_1^L = \{\ {!}\forall x, y, z.(append(x, y, z) \multimap \exists l_1, l_2, h.\ ({!}x = [\,] \otimes {!}y = z) \oplus ({!}x = [h|l_1] \otimes {!}z = [h|l_2] \otimes append(l_1, y, l_2)))\ \}$ 

Secondly, we write a program to implement the append predicate the way it would be 
expected in CHR: 

$P_2 = \{\ append([\,], y, z) \Leftrightarrow y = z,\quad append([h|l_1], y, z) \Leftrightarrow z = [h|l_2] \wedge append(l_1, y, l_2)\ \}$ 

The two programs are not per se $\mathcal{S}$-equivalent. Consider their behaviour in case the first 
argument of append is bound to anything else than a list. For $S_0 = \langle append(3, x, y); \emptyset \rangle$, 
we have $\mathcal{S}_{P_1}(S_0) = \{S_\bot\}$ but $\mathcal{S}_{P_2}(S_0) = \emptyset$. 

Now let us assume that the first argument is always bound to a list. We can model this 
by the following formula: 

$\varphi = \forall(append(x, y, z) \multimap append(x, y, z) \otimes ({!}x = [\,] \oplus \exists h, l.\,{!}x = [h|l]))$ 

It can be shown that $CT^L, \varphi \vdash \bigotimes P_1^L \multimapboth \bigotimes P_2^L$. Hence, under the assumption 
that the first argument is always bound to a (non-empty or empty) list, the two programs are 
operationally $\mathcal{S}$-equivalent. 

Moreover, we observe that $\varphi$ is equivalent to the logical reading of the CHR$^\vee$ rule $R_\varphi$: 

$R_\varphi = (r\ @\ append(x, y, z) \Leftrightarrow append(x, y, z) \wedge (x = [\,] \vee x = [h|l]))$ 

Moreover, $CT^L, \varphi \vdash \bigotimes P_1^L \multimapboth \bigotimes P_2^L$ implies that 
$CT^L \vdash (\bigotimes P_1^L \otimes \varphi) \multimapboth (\bigotimes P_2^L \otimes \varphi)$. Hence, 
the programs $P_1' = P_1 \cup R_\varphi$ and $P_2' = P_2 \cup R_\varphi$ are operationally $\mathcal{S}$-equivalent 
(without any further assumptions). 

7. RELATED WORK 

From its advent in the 1980s, linear logic has been studied in relationship with 
programming languages. 

Common linear logic programming languages such as LO [Andreoli and Pareschi 1990], 
Lolli [Hodas and Miller 1991], LinLog [Andreoli 1992], and Lygon [Harland et al. 1996] 
rely on generalizations of backward-chaining backtracking resolution of Horn clauses. 

The earliest approach to defining a linear-logic semantics for a committed-choice 
programming language that we are aware of has been proposed in [Zlatuska 1993]. The 
corresponding language is indeed a fragment of pure CHR without multiple heads and with 
substantial restrictions on the use of built-in constraints. 

The linear-logic programming language LolliMon, proposed in [Lopez et al. 2005], 
integrates backward-chaining proof search with committed-choice forward reasoning. It is 
an extension of the aforementioned language Lolli. The sequent calculus underlying Lolli 
is extended by a set of dedicated inference rules. The corresponding connectives are 
syntactically detached from Lolli's own connectives and operationally they are processed within 
a monad. The actual committed-choice behaviour comes from the explicit statement in the 
operational semantics that these inference rules are to be applied in a committed-choice manner 
during proof search. With respect to Lolli, committed choice thus comes at the cost of 
giving up the general notion of execution as proof search, although it is retained outside 
the monad. 

The class LCC of linear logic concurrent constraint programming languages [Fages et al. 
2001] has a close relationship with CHR, although the former is based on agents whereas 
the latter is based on rules. Similar to CHR, LCC languages are non-deterministic and 
execution is committed-choice. The linear logic semantics of LCC is similar to our linear 
logic semantics for pure CHR and, as far as the two are comparable, it features similar 
results for soundness and completeness. Unlike CHR$^\vee$ however, LCC has no notion of 
disjunction. 

Furthermore, Fages et al. have proposed the so-called frontier semantics [Fages et al. 
2001] for LCC, in which the committed-choice operator is interpreted analogously to the 
disjunction operator $\vee$ in CHR$^\vee$. In the linear-logic interpretation of the frontier semantics, 
it is correspondingly mapped to the multiplicative disjunction &. However, the frontier 
semantics does not constitute a distinct programming language but is viewed as a tool 
to reason about properties of LCC programs. Hence, committed choice never co-exists 
with disjunction as in the linear logic semantics for CHR$^\vee$. Rather, the two are viewed as 
different interpretations of the same connective for different purposes. 

More recently, Simmons et al. proposed the linear-logic-based committed-choice 
programming language Linear Logical Algorithms [Simmons and Pfenning 2008]. While the 
language itself corresponds to a segment of pure CHR, the aim of the work is to define a 
cost semantics for algorithms that feature non-deterministic choices. 

8. CONCLUSION 

In this article, we have presented a detailed analysis of the relationship of both 
pure CHR and CHR$^\vee$ with intuitionistic linear logic and we have shown its applications, 
from reasoning about program observables to deciding operational equivalence of 
multi-paradigm CHR$^\vee$ programs. 

Our first main contribution is the linear-logic semantics for the segment of pure CHR. 
It encodes both CHR programs and constraint theories to proper axioms of the sequent 
calculus. We have shown that equivalence of CHR states coincides with logical equivalence 
of the logical readings of states. Furthermore, we have introduced the notion of state 
entailment, which precisely characterizes the discrepancy between the transition relation 
between states in CHR and judgements between their corresponding logical readings. It is 
a key notion for the study and the application of our semantics. 

Our second main contribution is the definition of a linear-logic semantics for CHR$^\vee$. 
This semantics maps the dualism between don't-care and don't-know non-determinism in 
CHR$^\vee$ to the dualism of internal and external choice in linear logic. Analogously to pure 
CHR, we have defined a notion of configuration entailment to characterize the discrepancy 
between state transition and logical judgement. 

We have shown that the linear-logic semantics for CHR$^\vee$ has somewhat less desirable 
properties than the one for pure CHR. Concretely, mutual configuration entailment does 
not coincide with configuration equivalence. This makes linear-logic based reasoning over 
CHR$^\vee$ in general more imprecise. However, we have presented a well-behavedness 
property for CHR$^\vee$, analyticness, that amends this limitation. 

As our third main contribution, we have shown how to apply our results to reason about 
CHR and CHR$^\vee$ programs. We have defined sets of linear-logic based observables that 
correspond to the usual program observables of computable state and data-sufficient 
answer by means of state entailment or configuration entailment, respectively. We have 
presented criteria to prove various program properties, foremost safety properties, which 
consist in the non-computability of a specific state from a certain initial state. Furthermore, 
we have given a criterion to prove operational equivalence with respect to data-sufficient 
answers for multi-paradigm programs. 

As a further contribution, we have for the first time defined an equivalence relation 
over configurations and shown its compliance with rule application. Based on this 
relation, we have defined an elegant formalization of the operational semantics of CHR$^\vee$ 
based on equivalence classes of configurations. The equivalence-based semantics provides 
a language to express properties of programs such as operational equivalence across the 
boundaries of programming paradigms. 

Our results entail a wide range of possible future work. An obvious line of future work 
lies in the application of established methods for automated proof search in linear logic to 
reason about CHR and CHR$^\vee$ programs. As significant effort has been put in the current 
result on amending the discrepancy between linear judgement and the semantics of CHR, 
it furthermore suggests itself to investigate whether a "purer" formalism to reason about 
CHR could be extracted from linear logic that avoids these discrepancies. 